A group of hackers took it to Twitter to announce that they managed to breach the systems of Domino’s Pizza in Belgium and France and obtained access to more than 592,000 records belonging to French customers and over 58,000 records belonging to Belgians.The group responsible for the breach is called Rex Mundi, and it appears that the purpose of the deed was money extortion, as a 30,000 EUR / $40,619 demand was forwarded to Domino’s Pizza in France for the information not to be made public.
The tweet announcing the incident pointed to a file stored on dpaste.de, which has since been removed, informing that the content of the stolen information comprised full names, delivery addresses, phone numbers, email addresses and passwords (hopefully salted and hashed).
Domino’s Pizza has already reacted to the breach and informed that no credit card data has been stolen, but provided all the other details, and an attacker would have sufficient ammo to initiate phishing campaigns targeting the victims in order to obtain financial details.
Rex Mundi also posted on Twitter that Domino’s had been notified on Tuesday, June 10, and that they announced the customers of the incident only four days later. The company did not contact them, which means that they did not give in to the ransom request.
We notified @dominos_pizzafr about our hack on Tuesday. It took them 4 days to notify their customers. And they still haven't contacted us.— Rex Mundi (@RexMundi_Anon) June 13, 2014