Domino’s Pizza Gets £24k Ransom Demand For Stolen Data

Thieves have stolen 600,000 customer records from Domino’s Pizza, but security firms are surprised the crooks have only demanded £24,000 ($30k) to keep the data private.

Hacking group Rex Mundi hacked into Domino’s servers in France and Belgium, and told the pizza firm it has until 2o.oo Central European Time to pay up, or the data will be posted online in its entirity. Domino’s says it has no intention of paying and that no credit card information or other financial data is at risk.

Data to go?

“Hackers are increasingly turning to ransom as a money earner but in this instance it seems they aren’t quite as greedy as others have been – £24,000 seems very low!” said David Howorth, VP of AlertLogic.

Despite the low ransom demand, experts have warned Domino’s against paying up, saying that whatever the company does, the data will be for sale to other crooks.

“Consumers should heed the security industry advice to change their passwords as soon as Domino’s has fixed the server vulnerabilities that enabled the hack in the first place,” said Howorth.

The information taken includes names, addresses, phone numbers and delivery details. Rex Mundi has apparently not claimed to have any credit card details – but it does have a list of the customers’ favourite toppings.

Domino’s Pizza Netherlands CEO Andre ten Wold has told Dutch newspaper De Standaard that the company will not pay. The theft does not affect customers in the UK, and the UK site is regularly tested, says Domino’s.

Rex Mundi has tried similar heists before, hitting Belgian hosting firm Alfa earlier this year.

Are you a security pro? Try our quiz!