Domino’s Pizza customers were recently surprised to find highly personalised spam emails arriving in their inboxes. The emails contained customers’ personal details, citing their names and their locations. In some other cases, the emails also attached unwanted material such as pornography.
Spamming and phishing emails are common online ‘pests’ in the world of cyber crime. What makes this particular phishing strategy more sinister is that it used Domino’s customers’ private data to target its victims[1].
Domino’s insists that company and customer data has not been compromised. Instead, it claims that the data was taken from another online supplier that shared information with Domino’s online databases. Domino’s believes the data was extracted from an online rating system that was used to rate Domino’s services. Domino’s has not revealed the identity of this third-party supplier as yet[2].
The task of keeping private customer data safe becomes difficult when you need to share some of that information with authorised third parties. It is essential to ensure that not only is your own IT security up to scratch but your suppliers and contractors are operating with the highest levels of security as well.
To add insult to injury, Domino’s had ended its contract with this unnamed supplier back in July. It is troubling that, after the working relationship ended, this supplier had not yet deleted the data that Domino’s had originally shared with it, and this opens up a whole range of questions surrounding database security.
Phishing and spam emails can be easily removed and guarded against. Nevertheless, this Domino’s spam hack teaches us two valuable lessons to keep in mind when keeping customer information safe:
- Perform extensive due diligence when working with suppliers – asking extra questions will help you determine if the supplier can maintain the same standard of security as you would with your own data. As we have seen before, data breaches can occur by targeting linked third parties such as suppliers or subcontractors. These may have lower levels of cyber security than your own company.
- Ensure the data you provide to suppliers or subcontractors can be deleted after use – collaborative contracts and agreements should have specific clauses that demand the secure deletion or removal of inappropriate or obsolete data from their servers. This should always occur when their contract terms are finished.
The Domino’s data breach was ultimately more of a nuisance than a cyber attack. Nevertheless, a privacy breach of any sort is still a very serious matter.
Customers should feel they can use online services without being subjected to phishing or spam because they ordered a quick home-delivered pizza one evening.
All information is sacred, even pizza delivery information. Therefore, regardless of the service you provide to your customers, from fast food to medical services, customer data must be protected in every way.
For assistance in securing your organisation’s critical information and that of your customers, do not hesitate to contact Agilient.
The Agilient Team
[1] https://au.news.yahoo.com/a/37547202/dominos-pizza-reveals-cause-of-data-hack-that-sent-eerie-emails/
[2] https://www.itnews.com.au/news/online-rating-system-likely-behind-dominos-data-leak-475806?eid=65&edate=20171024&utm_source=20171024&utm_medium=newsletter&utm_campaign=sc_weekly