Scammers have Domino's Australia customer data – and are sending scarily customised spam emails

Domino’s CEO Don Meij. (Source: supplied)

Domino’s Australia customer data has been leaked, and Australians are receiving spam emails from scammers as a result.

At a minimum, the scammers seem to know the customers’ name, email address and the store where they purchased pizzas. The result is that pizza customers have been receiving phishing emails that look legitimate, addressing them by first name and mentioning their local suburb in an attempt to provoke a reply.

In an undated statement not listed on the Domino’s Australia media page, Domino’s blamed a “former supplier” for the privacy breach and insisted there was no “unauthorised access” to its systems.

“Domino’s apologises to customers who may have received any unsolicited emails as a result of this unauthorised access through the former supplier and recommends customers do not engage or respond to these emails,” the company stated.

A scam email using Domino’s Australia customer data. (Business Insider Australia)
Another phishing email using Domino’s Australia customer data. (Business Insider Australia)

While not disclosing when it first became aware of the issue, Domino’s stated it “acted quickly to contain the information” and that an investigation into the breach was under way.

Passwords and payment information had not been leaked, according to the company, and there is no need for customers to reset their passwords.

Business Insider first received a spam email in late September from a person named “Sarah” (without a surname) that addressed the recipient by first name, in an effort to solicit a reply. The email also contains a reference to Rozelle, a Sydney suburb that contains a Domino’s store.

A follow-up email from “Sarah” a week later also tries to provoke a response by asking whether the recipient is also in Rozelle. The two spam emails are supposedly sent from two completely different email addresses, although they’re likely to be fake.

Some Domino’s customers that have received similar emails have described them on social media as “eerie” and complained that the company’s response to the privacy breach was inadequate:

Domino’s Australia declined to name the former supplier responsible for the breach, but stated its relationship had ended in July this year.

Business Insider has contacted Domino’s Australia for further details.

The data leak first went public in New Zealand earlier this month, with the same spam emails from “Sarah” also going out to customers in that country. Local news site reported customer Luke Chandler, who last year ordered pizzas using the alias “Professor Chandler” from the Mount Maunganui store, receiving spam emails asking Professor Chandler if he was from Mount Maunganui.

ASX-listed Domino’s Pizza Enterprises owns the Domino’s franchise rights in both Australia and New Zealand, as well as France, Belgium, Netherlands, Japan and Germany. In 2014, hackers threatened to expose the data of more than 600,000 French and Belgian customers unless a 30,000 Euro ransom was paid.

Business Insider Emails & Alerts

Site highlights each day to your inbox.

Follow Business Insider Australia on Facebook, Twitter, LinkedIn, and Instagram.