Data for Ransom (€30,000) – Domino Pizza HACKED

Pen Testing__

A new form of ransom is emerging in the tech world i.e. “DATA  RANSOM”. Data is a critical and costly Internet property that a hacker group with name of Rex Mundi (is Latin for King of the World) recently abducted by hacking into Domino pizza. A well known American pizza chain, Domino Pizza has over 11,000 stores worldwide, including 229 in France, 24 in Belgium and around 5,000 in the United States. Rex Mundi penetrated the servers of Domino in Belgium and France. They have asked for €30,000 as a ransom amount until 8pm CET to respond. Failing to this they will they have threatened to expose 600,000 customer’s data online. The Hack Apparently it seemed that servers were outdated which let hackers to penetrate into Domino’s servers. Hackers were able to download almost 592,000 French customers and 58,000 Belgian customers data that included name, email address, orders details, passwords. Credit card information is apparently not included in the breach as per record yet. Hackers have given time to pay the amount until 8 p.m. Central European Time (2 p.m. EDT) till June 16 to pay the ransom, or the group will post the stolen customer records online.

Photo credits:

Domino’s Pizza Netherlands chief executive Andre Ten Wold told Belgian business newspaper De Standaard that ” the company would not be acquiescing to the hackers’ demands.” Rex Mundi twitter account is disabled now, after the statement of Domino’s chief executive. Possible Damage There are chances that Rex Mundi group will sale data to potential buyers through some anonymous site like pastebin or least to say, they can just put customer data online.  If Domino’s Pizza servers are linked with other regions then there is quite a possibility that they have penetrated much more into server information such as credit card information and other region customers data too. Security is a serious subject, whether online or physical. The breach should be taken seriously and corporates need to understand that they have a responsibility and obligation to protect their customers and their information. Regular Penetration Tests, Bi-security audits, encryption of customers data, security awareness to end users of the company should be a mandatory activities in the action plan of CISO’s.