Hacker leaks user info linked to 18 crores Domino’s orders

Customers’ personal information, as well as the specifics of about 18 crore orders, have been made public by a Hacker.

The same data from about 18 crore orders, including confidential details such as customer names, phone numbers, and locations. It is made public by the hackers after the iconic pizza delivery company Domino’s has seen a major data breach on April 20.

Since April 16, a threat actor has been attempting to sell reportedly hacked data from Domino’s. Also seeking a ransom from the company to keep it from being sold. According to Sourajeet Majumder, a cyber researcher who first discovered the dataset.

🚨 Data Breach Alert :

13TB of employee files & customer details, which allegedly belongs to @dominos_india have been leaked on the Dark Web through a search portal that gives access to sensitive info of the users.

Sadly, I found out that my privacy has also been compromised. pic.twitter.com/f05MZ7pRLt

— Sourajeet (@TechCrucio) May 21, 2021

Domino’s response

JFL did not respond to an email requesting comment about what the firm is doing to educate customers and how it plans to strengthen its cybersecurity.

Consequently, JFL on the breach of data has added in a statement that customers’ financial information is secure.

What does this imply for users?

Users are not happy with Domino’s India’s response. Many people have asked that whether company can be held accountable.

Users, on the other hand, have no control of records such as names, phone numbers that have been made available. People will block the cards and have them reissued from banks, as well as reset their passwords, according to experts.

Users will still seek actual damages if they can succeed. If there is an established leak under the Consumer Protection Rules, 2019, according to Safir Anand, Senior Partner & Head of Trademarks, Anand & Anand.

Is it possible to hold corporations accountable?

Yes, it will come under Section 43A of the IT Rules 2011, which contains data security provisions.

According to the law, if a corporation deals with confidential personal data or information and fails to ensure a proper level of protection to secure that data or information. It causes unjust harm or gains to any individual, the company is liable to pay damages to the person(s) affected.

“A company that fails to protect the personal data of its users can be held accountable under Section 43A,” Anand said.