© The Financial Times Ltd 2015 FT and 'Financial Times' are trademarks of The Financial Times Ltd.
June 16, 2014 6:54 pm
Hackers are holding Domino’s Pizza to ransom after stealing the personal data of more than 600,000 of its customers in France and Belgium.
A group that calls itself Rex Mundi has said it has accessed information relating to 592,000 French customers of the fast-food group, as well as more than 50,000 customers in Belgium.
On Monday, Domino’s Pizza Enterprises, the master franchiser that oversees the French and Belgium outlets, confirmed the theft, which happened last week.
The hackers have demanded €30,000 to prevent publication of the information and threatened to post it on the internet if the payment was not received by 8pm on Monday night, central European Time.
“Boy did we find some juicy stuff in there,” the group said in an internet posting, adding that the information included names, addresses, emails, phone numbers and even customers’ favourite pizza toppings.
But, on Monday, Andrew Rennie, chief executive of Domino’s Pizza Enterprises in Europe, said the hackers would not be paid a cent. “We refuse to be extorted and we are not going to play that game,” he told the FT. “It cannot be good for anybody if companies pay ransoms. We have to take a stance on this.”
Mr Rennie confirmed that the stolen data did not contain any financial or banking information and that the Domino’s website does not allow customers to pay online. He said that the company informed customers of the theft last week.
He added that Domino’s Pizza Enterprises – which also manages franchises in Australia, New Zealand, Japan, Monaco and the Netherlands – had recorded its best week of online sales last week following the cyber theft.
Orders placed through Domino’s Pizza’s website in France and Belgium account for between 20 per cent and 25 per cent of total sales, Mr Rennie explained, and he stressed that customers in other countries have not been affected.
Last week’s theft of Domino’s customer data are not the first time that Rex Mundi has attacked a company. In 2012, it published thousands of loan applications that it had stolen from Americash Advance, the US payday loan company.
The hacking group said that it published the details after Americash Advance refused to pay a ransom that it had demanded as an “idiot tax” for having allegedly stored a confidential document on one of its servers without any security measures.
Other victims of Rex Mundi include Buy Way, the Belgian financial institution, and Alfa Hosting, a Belgian web hosting company, which had the names of 12,000 of its customers posted online by the hackers.
Mr Rennie told the FT that Domino’s Pizza in France and Belgium was in the process of switching to a secure system that would enable customers to carry out financial transactions online – something that it does not allow at present. He said that changeover would likely take place in March or April of next year.
Copyright The Financial Times Limited 2015. You may share using our article tools.
Please don't cut articles from FT.com and redistribute by email or post to the web.
Sign up for email briefings to stay up to date on topics you are interested in