A hacker group called Rex Mundi blackmailed the French and Belgian operations of Domino’s Pizza for €30,000 (around $US40,600 USD), threatening to release stolen account information of over 600,000 Domino’s customers, reports ITNews.
The hackers wrote on a web clipboard service that each record contained a customer’s name, address, telephone number, email address, and password. The group claimed to have 592,000 such records for French customers and 68,000 for Belgian customers.
The Domino’s France Twitter account confirmed the breach and referred to the hackers as “seasoned professionals,” adding that “it is likely that they are able to decode the encrypted information, including passwords.”
Though the Rex Mundi Twitter account is now suspended, it formerly stated that Domino’s customer data is quite vulnerable to thieves, as it is stored in a relatively unsecured format.
A Domino’s spokesperson said that the affected data in question only involved names, email addresses, and phone numbers, and emphasised that no banking or financial information was accessed, as the company doesn’t retain it.
Instead of paying up, Domino’s took the breach to the French authorities, making this attempted blackmail on the company the latest in a series of Rex Mundi’s failed attempts to turn a dime from its hacking skills. According to The Register, the group published “thousands of customer loan records after it attempted to extract $US15,000 from payday loan provider Americash Advance” and failed to get paid for stealing and “subsequently publishing 12,000 names of Belgian hosting firm Alfanet.”