Domino’s red-faced Down Under following onslaught of spam emails
It seems that the details of some Domino's Australia customers — including name, email address and their favoured branches — have ended up in the hands of cybercrooks. During the last few weeks, customers have been sent phishing emails from seemingly randomised email addresses in an attempt to prompt a reply.
A Reddit user has detailed his experience. “I've been getting lots of emails from "Sarah" and "Jess" lately. They all know my name, email address and places close to where I live. Those places turned out to be Dominos stores I've ordered at,” he writes. He adds that he called Domino’s corporate and expressed his concerns, and that the pizza chain was “clearly familiar with the issue”.
Meanwhile, customers have taken to social media, complaining that Domino's had not contacted them about the incident even though the company was clearly aware of it. “It was a bit eerie getting all these spam emails that somehow knew my name and suburb and initially were making it past the spam filter. Fancy finding out from Reddit and not from Dominos that this is because you handed out my order data and there was a breach,” one customer tweeted.
“Go ahead and give your stock copy paste response that you're concerned, I just want to make very clear that the decision to try to keep me in the dark and not announce what had happened is why I will not be ordering Dominos again. I could have probably lived with it if at least the company did the right thing and informed us all as soon as they knew what had happened, but nope, you made the shady choice. I encourage everybody else to stay away from Dominos too,” he added.
In a statement on its website, Domino’s confirms that it has been notified of a number of customers receiving unauthorised spam emails. “There is no evidence to suggest that there has been any unauthorised access to Domino’s systems,” it says. “We are investigating a potential issue with a former supplier’s systems that may have led to a number of customer email addresses, names and store suburbs (related to pizza orders) being accessed as a result. Domino’s acted quickly to contain the information when it became aware of the issue and has commenced a detailed review process.”
It adds: “Ongoing testing has confirmed our systems are secure and at no time has customer financial information (including credit cards) or passwords, been accessed or compromised. Domino’s confirmed customers do not have to update passwords or details but recommends they don’t click on any links contained in the spam material, mark the emails as spam, and ensure their virus protection is up-to-date. The company is continuing to work with industry best cyber security professionals to work with suppliers to protect customer information and further enhance security. We are also engaging with the Office of the Australian Information Commissioner in regards to this issue.”