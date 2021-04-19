



In addition to a large number of enterprise data recent violations involving Indian data, millions of data records on Domino pizza chain customers have been leaked online. According to tweets from co-founder and chief technology officer of the intelligence company on Cybercrime Rock Hudson, Alon Gal, Israel-based, data worth 13 terabytes. He tweeted Sunday that the data to include 180 million order details, including phone numbers, emails, addresses, payment details, including a million credit card details. The data, Gal said, was for sale on the Dark Web and the threat actor is asking $ 550,000 for the data. The threat actor also intended to create a search portal to enable research of the data, he added. A spokesman Dominos India said: “Jubilant FoodWorks recently faced an information security incident, no data to financial information of any person has been accessed and the incident did not have any. operational or commercial impact. as a policy, we do not store financial data details or customer credit card data, so none of this information has been compromised. our team of experts investigating the matter and we have taken the necessary steps to contain the incident. “ Jubilant FoodWorks is the parent company of Domino’s India. Rajshekhar Rajaharia, the cybersecurity researcher who first alerted users to a big data leak at payment firm MobiKwik last month, said he alerted the Indian branch of the government team’s cyber incidents to computer emergency response (CERT-In) to the Dominos data breach in March. . “Another Big Data Leak! 20 Crore Order Details, including 13 TB of Domino’s India data allegedly leaked from #DominosIndia server. Data Includes mobile, email, name, home address, payment type and social login tokens. It looks like the financial data isn’t there. #infosec #GDPR, “Rajaharia tweeted Monday. He added that the Domino’s data had previously been claimed to be in the possession of the same hacker who accessed MobiKwik’s data. “It seems the same hacker who claimed to have hacked #Mobikwik had access to # Domino’s since February 2021. I had alerted CERT-IN on March 5, 2021 about this. Later, the first hacker sold access to the server to another reseller planning to create another search engine, ”he added. “Domino’s India joins a string of hacking incidents involving Indian companies in the recent past including Bigbasket, BuyUcoin, JusPay, Upstox and others. There needs to be more focus on cybersecurity – based on our research on average, an organization in India was attacked 1681 times per week in the last 6 months. This is more than 2.5 times higher than the world average of 667 attacks worldwide, “said Sundar N Balasubramanian, Managing Director of Check Point Software Technologies, India and SAARC. The alleged breach at Domino’s once again highlights the lack of legal and operational remedies available to Indians if their data is leaked online. India does not yet have specific legislation dealing with user data breach cases or related criminal actions. The Personal Data Protection Bill, which is proposed to deal with such data breach cases, has been pending in Lok Sabha since 2019. “Customers should be informed of the violation and provide the means to protect themselves against future misuse of their personal data and their credit card data. Organizations in India must be made responsible for such violations with sufficient financial implications , making data security a top priority in every business, ”said Sonit Jain, CEO of cybersecurity firm GajShield Infotech. The alleged breach of data in MobiKwik would have affected the data of 3.5 million users, exposing KYC documents such as addresses, phone numbers, an Aadhaar card, PAN card, etc. The data size was 8.2 TB. MobiKwik denied the violation. Earlier this month, Facebook and LinkedIn also saw data leaks from millions of users, including Indian user data. Although both admitted that customer data was leaked, both said it was not hacked from their systems, but had been deleted. It means using an app to extract valuable information from a website.







