Domino’s India Data Breach – User Info Linked to 18 Cr Orders Leaked
Overview: This article is a continuation of the post – Biggest Data Breaches in India. Here we’ll discuss Domino’s India Data Breach case in detail.
In April 2021, Domino’s India suffered a security breach where data linked to 18 crore orders had been leaked online. Jubilant FoodWorks (the parent company which operates Domino’s pizza chain) acknowledged the data breach but denied the leak of financial information about the customers.
More Details About Domino’s India Cyberattack
Hackers had allegedly leaked customer data and put them up for sale on the dark web. The information including name, email, GPS location, residential address, order history, etc of customers who ordered pizza online was leaked.
Official statement of Domino’s India: “Jubilant FoodWorks has experienced a cybersecurity breach recently. No data pertaining to finance have been disclosed since our policy doesn’t support saving credit card or debit card details of customers. Our investigation team is inquiring about this matter. Also, we’ve taken the necessary action to contain the incident.”
Consequence(s) of Domino’s India Data Breach
The cybersecurity incident at Domino’s India was unusual since the information about its customers was made public on the internet. And, the biggest concern of the incident was that people were using the data to spy on other individuals, creating a real threat to the customers’ privacy.
On the other hand, it caused severe damage to the reputation and brand value of the company. It has come to light that after Domino’s India cyberattack, hackers had also attempted to intimidate and extort ransom from the company.
Domino’s Take On The Data Breach
After Domino’s India data breach, Jubilant FoodWorks Ltd approached Delhi high court and asked for direction from the Ministry of Electronics and Information Technology and the Department of Communication to block and remove the hacked URLs. The company also requested the concerned ministry to direct and notify the intermediaries such as telecom service providers, internet service providers, and search engines to immediately remove or disable access to the uniform resource locators (URLs) created by one or more unknown hackers.
On that, advocate Kirtiman Singh let the bench of Justice Yogesh Khanna know that the URLs supplied to them had already been blocked.
Cybersecurity Expert’s Response to Domino’s India Data Breach
Cybercriminals are advancing day by day and performing malicious activities in various forms of cyberattacks. Given the rising security concerns, cybersecurity experts urged users that they need to educate themselves on data privacy practices and engage with vendors with only the right amount of information necessary. Also, restrict certain services to specific numbers/email IDs, and enforce parental controls on children’s accounts and devices (wherever possible).
Not just individual users, it is important for businesses to understand the factors that can cause a data breach. In order to be fully prepared to prevent an incident, or mitigate the risks caused by it, they need to implement security measures for maintaining data integrity and privacy.
As a matter of fact, privacy alone is not enough, businesses need to have a consultant/auditor who will be regulating, auditing, and making sure that the security controls are in place. For that, SysTools’ VAPT and SOC services are the best fit as the trained security professionals will be there to detect the vulnerabilities present in your IT infrastructure before they could make any further damage.
From Domino’s India Data Breach it’s clear that in today’s digital era, anyone can be at risk of a security breach — from individuals to high-level enterprises and governments. In fact, anyone can put others at risk if they are not protected.
Businesses that are a victim of a data breach today not only are responsible to protect their consumer’s data, but also prevent it from being misused by cybercriminals in the aftermath of a data breach. Otherwise, they could have to bear a huge fine as per Data Protection Bill. So, it’s the responsibility of the business owners and is the need of the hour to take the necessary steps to protect the business and its confidential data.