Hackers are seeking a relatively modest ransom from Domino's Pizza in Europe after claiming they stole more than 600,000 customer records from the company's database.
The hackers seek 30,000 euros -- about $41,000 -- or they say they will release the personal details of the company's customers.
"We downloaded over 592,000 customer records (including passwords) from French customers and over 58,000 records from Belgian ones," claimed a group calling itself Rex Mundi. "That's over six hundred thousand records, which include the customers' full names, addresses, phone numbers, e-mail addresses, passwords and delivery instructions."
But Domino's is not so easily intimidated. In a published statement, the company said the data hacking is isolated to the Domino's franchise in France and Belgium, and no customer credit card or financial information was compromised.
"Domino's customers in the UK and Republic of Ireland are not affected by this incident," the company said. "The security of customer information is very important to us. We regularly test our UK Web site for penetration as part of the ongoing rigorous checks and continual routine maintenance of our online operations."
Ransom Techniques on the Rise
We caught up with Tim "TK" Keanini, chief technology officer at security software firm Lancope, to get his take on the Domino's event. He told us that ransoming of all types, including ransomware, is on the rise because the invention of cryptocurrencies like bitcoin allows hackers to be paid without compromising their anonymity.
"While retail has been in the news lately with a lot of data breaches, if you have a lot of personal data on people, the more people you have, the more attractive you are to these criminals," he said. "If you have not been hit yet, now is the time to prepare with an incident response readiness that will ensure business continuity. It is just a part of doing business in this age of the Internet."
What about Domino's in particular? Keanini said the pizza chain needs to treat this event as an ongoing business problem and not as a one-time event.
"They should provide leadership and expertise to all of their stores and deliver the operational visibility required to ensure early detection of this type of threat," he said. "While getting in again is likely, they must raise the cost to this adversary to hide and operate."
When Will We Learn?
We also turned to Mark Hickman, chief operations officer at encryption vendor WinMagic, to get his thoughts on the latest in a long string of breaches. He told us that, given all the news about various hacks, it is shocking that many large brands have not done the right checks and balances to ensure the security of their data.
"Regardless of whether an encryption solution could have prevented this, the fact is that organizations need to take closer looks for holes in their security now more than ever," Hickman said. "It'd be disconcerting for customers and the organizations that this happens to, and reinforces the need for strong security best-practices."