Hackers target Domino's Pizza, demand $40,000 ransom for customer data

Hackers have targeted Domino's Pizza servers and claim to have downloaded details of over 650,000 customers. The group, calling itself Rex Mundi, has said that unless the company pays up €30,000 EUR (around $40,600 USD / £24,000 GBP) by today, it will publish the full database online. 

The database includes details of more than 592,000 customers of the pizza chain in France, and a further 58,000 in Belgium. The group said that the records include "customers' full names, addresses, phone numbers, email addresses, passwords and delivery instructions. (Oh, and their favorite pizza topping as well, because why not)."

Rex Mundi said that it had contacted Domino's in France and Belgium to tell them of the vulnerability on their servers "and to offer them not to release this data in exchange for 30,000 Euros." In its post, made several days after the hack, the group said: "So far, Domino's Pizza has not replied to our demands. We would also like to point out that both of their websites are still up and vulnerable."

As The Telegraph reports today, Domino's France has publicly acknowledged the hack and contacted users to recommend that they change their passwords. Meanwhile, the head of Domino's Netherlands, Andre ten Wolde, has also commented, despite Dutch customers apparently not being affected by the breach.

He told Dutch-language Belgian newspaper De Standaard: "There are clear indications that something is broken on our server. The information contained in them is protected. Financial data, such as credit cards, has not been stolen." He added that the company would not be paying the ransom demand. 

The hackers have already posted a sample of customer data online, and say that they will post the database in its entirety if they do not receive the payment that they demand by 8pm CET today (Monday, June 16). 

Source: The Telegraph / dpaste.de (Google Cache)
This article was updated after publication to clarify that De Standaard is a Dutch-language Belgian newspaper, not a Dutch publication, as was originally stated.

30 Comments


It often seems that such extortion terrorism is the only way to shake up the continued webcoding (and software in general) malpractice, pathologically arrogant idiocy and lack of quality and overall responsibility. Unfortunately, there's no hope whatsoever, really.

I actually don't feel sorry for Dominos at this point. They could have spent the same amount to actually secure their systems (probably even less).

Maybe they did think it's secure? Or as secure as anything can be on the internet.

A major website / service is getting hacked every other week now. I have little faith that anything accessible on the internet is actually secure at this point.

InsaneNutter said,
A major website / service is getting hacked every other week now.

I know what you mean, they're falling like Dominos.

Indeed, you're absolutely right. There was evidently some confusion around the head of Domino's Netherlands speaking with a Dutch-language publication - and I managed to overlook the blindingly obvious. D'oh!

The article has been corrected, and a footnote appended. Thanks for pointing this out! :)

It's only the French and Belgium! I jest, I jest :p
Hopefully (I've not seen it anywhere) the passwords were at least hashed and salted and not just plain text, although it sounds like they could well be.
Hopefully they'll find the perpetrators pretty soon and give them a bit of bird...

This is why I never like to give out my real name to these retailers, and I don't understand why they are saving all these customer databases in completely plain text. How hard is it for them to pay some competent person to safeguard their database?

I've seen two primary reasons why some business customers do not implement state-of-the-art client/server security. The first is it costs more than they are willing to pay, therefore making their big bonuses smaller. The main reason is that it wasn't the idea of the CEO. Logic and reason are easily crushed by an ignorant CEO with an over-sized ego. I try not to deal with these moronic businesses, without plenty of CMA documentation, as it will otherwise damage our reputation when things go wrong. Dominos apparently has the moronic strain of upper management that has no comprehension of security other than what they hear from their equally ignorant CEO brotherhood, nor the desire to implement it when they learn the cost. They do keep their boats locked, however.

Customers' data, huh? Like what is their favorite topping or what they order? Oh you silly hackers, you do not scare anyone; this has to be the weakest trolling.

Haven't ordered anything from them in a long time. Just checked and changed my password. They have my old phone number and a physical address that's about 3,000 miles from where I live now, :p

I could have sworn that I read an article about them using Microsoft CRM, at least in the US. Hope that's not the case though.
