Domino’s blames #supplier for the claimed #‘hacking’ of customer #accounts

Domino’s Pizza is yet to name the supplier at the centre of hacking claims by customers whose personal details were leaked.

It hasn’t yet named the industry the supplier came from — something that shouldn’t be hard to do. Was it the supplier of pie crust ingredients, the pineapple used in its Hawaiian specials, or, more possibly, an IT contractor, or a contractor or individuals involved in pizza delivery who may have legitimate access to customer records?

The worst case scenario is that someone who had access to customer data onsold it in cyberspace.

And do we know if this leak of customer data has somehow been quelled? How much data actually got out?

Indeed, more information is needed as to exactly who accessed customer names, email addresses and suburbs for people’s concerns to be allayed. Most of this information can be provided without breaching others’ privacy. That shouldn’t be a barrier.

Domino’s yesterday acknowledged “a potential issue” following posts online by angry customers who received emails from third parties who knew their pizza buying habits.

“I’ve been getting lots of emails from ‘Sarah’ and ‘Jess’ lately,” one customer says on newssite Reddit.com. “They all know my name, email address and places close to where I live. Those places turned out to be Domino’s stores I’ve ordered at,” the posts says.

The post’s author says Domino’s had confirmed they had passed on details to a secondary supplier who had been hacked. But Domino’s would not disclose who the company was and why the supplier had the data. Nor would the pizza chain reveal why the alleged supplier had the data, the post says.

“I had been getting them too, I’d been in contact with them as well,” says another Reddit user.

“I have been affected by this as my data has obviously been stolen (been receiving emails and thought it was something else at first),” posts a third.

The alleged hacking doesn’t seem to be limited to Australia. In New Zealand there are similar stories.

On October 9, the website Newshub reported that a customer who used the alias ‘Professor Chandler’ only when ordering pizza began receiving unsolicited promotional material addressed to ‘Professor Chandler’, sent to their email address.

The Christchurch-based customer had been in contact with others who had received similar emails. Both the New Zealand and Australian emails were authored by a ‘Sarah’.

Another customer who posted on the Australian website Whirlpool.net.au claims to have received an email offering them work with a large shipping organisation. It was sent to an email address they used exclusively for ordering pizza.

Domino’s in a statement confirmed that it had been notified by customers receiving unauthorised spam emails. “There is no evidence to suggest that there has been any unauthorised access to Domino’s systems,” the statement says.

“We are investigating a potential issue with a former supplier’s systems that may have led to a number of customer email addresses, names and store suburbs (related to pizza orders) being accessed as a result,” it says.

Domino’s says it acted quickly to contain the information when it became aware of the issue and has commenced a detailed review process It says there is no need for customers to update their account passwords.

“Domino’s confirmed customers do not have to update passwords or details but recommends they don’t click on any links contained in the spam material, mark the emails as spam, and ensure their virus protection is up-to-date.”

The pizza company says it is in contact with the Office of the Australian Information Commissioner over this issue. Domino’s has not named the supplier.

The Australian Parliament this year passed mandatory data breach notification law requiring organisations that experience hacking to notify the Privacy Commissioner and to notify customers affected by the alleged breach. But the requirement does not come into force until next year.

This is not the first time Domino’s has faced concerns about customer details being hacked. In April a customer claimed someone hacked into his account and placed multiple orders for pizza.