On Sunday, Alon Gal who is CTO of cyber security firm Hudson Rock, claimed that credit card details of nearly 10 lakh people who purchased online on Domino’s Pizza India is allegedly being sold for over Rs 4 crore on the Dark Web.
A Jubilant FoodWorks spokesperson said it experienced an information security incident recently. “No data pertaining to financial information of any person was accessed and the incident has not resulted in any operational or business impact,” the spokesperson added. “As a policy, we do not store financial details or credit card data of our customers, thus no such information has been compromised.”
According to Gal, the threat actor is looking for around $550,000 (approximately Rs 4 crore) for the database and saying they have plans to build a search portal to enable querying the data. “Information includes 180,000,000 order details containing names, phone numbers, emails, addresses, payment details and a whopping 1,000,000 credit cards,” Gal claimed in a tweet. “Plenty of large scale Indian breaches lately, this is worrying,” he added. Jubilant FoodWorks said its team of experts is investigating the matter and “we have taken necessary actions to contain the incident.”
“The news about financial data being leaked is totally incorrect. Also, as per leading cyber security researchers, there is no financial data visible on the Dark Web,” it said. Independent cyber security researcher Rajshekhar Rajaharia had said he alerted about this possible hack to the CERT-in on March 5. There have been a string of hacking incidents involving Indian firms recently, including Bigbasket, BuyUcoin, JusPay, Upstox and others.