A group of hackers going by the name Rex Mundi has compromised the servers of Domino's Pizza, stealing over 600,000 customer records from its France and Belgium operations. The hack group threatens to publish the data if its demand for a payment of €30,000 (£23,900) is not met.
"Earlier this week, we hacked our way into the servers of Domino's Pizza France and Belgium, who happen to share the same vulnerable database," wrote Rex Mundi on 13th June. "And boy, did we find some juicy stuff in there!"
Credit card data and other financial data not stolen
The group of cyber criminals said that data such as customers' personal information, passwords, delivery instructions and even their favourite pizza toppings were downloaded, comprising "over 592,000 customer records (including passwords) from French customers and over 58,000 records from Belgian ones."
With all this information held for ransom, Rex Mundi has given the pizza chain a deadline of 8pm CET (10pm GMT) today to pay up. If no payment is received, it intends to unleash "the entirety of the data in [its] possession on the internet." On the hackers' Twitter page, they even advise French customers to speak to their lawyers, telling them that they have the right to sue Domino's.
Domino's France has recommended users change their passwords as soon as possible. However, the company's executive Andre ten Wold suggested that the ransom demand would not be paid, and that they have filed a complaint with a court in Paris, according to a Dutch newspaper (via the Telegraph). "There are clear indications that something is broken on our server. The information contained in them is protected," said Wold, whilst reassuring customers that "financial data, such as credit cards, has not been stolen."
The hacker group, on the other hand, seems to be playing up the tension between angry customers in its latest TV / movie-trailer style Tweet, in the hope that Domino's will give in to its extortion demands.
*I was going to embed this Tweet but the Rex Mundi Twitter account has since been suspended.*
Previous hacking-for-ransom attempts by Rex Mundi include the publication of loan-applicant details from US payday loan company AmeriCash Advance in 2012, after the company refused to pay $20,000. It also breached Belgian hosting firm Alfa Hosting's system earlier this year and published the names of 12,000 of that company's customers.
HEXUS received an email from Kaspersky Lab's David Emm on the news within the last hour. Emm said that companies should at least secure both the gateway to the data and the data stored on their servers. However, he thankfully noted that credit card details were not stolen in this case.