Domino's Pizza's Australian outpost has blamed a partner for a security breach, after angry customers went online complaining about finding themselves on spam lists.
The company owned up to the breach after Redditor “Pinchie McPinch” complained about receiving e-mails from “Sarah” and “Jess”.
What tipped Pinchie that the data may have come from the pizza chain was that the spammers were referring to his/her favourite Domino's locations to make the approaches look more plausible.
Domino's acknowledged the breach and said it is investigating what happened. The company blamed the breach on an unnamed “former” supplier.
The company's statement says the breach was limited to “email addresses, names and store suburbs (related to pizza orders) … at no time has customer financial information (including credit cards) or passwords, been accessed or compromised.”
The statement added that the company will “work closely with the relevant privacy authorities in Australia.”
Electronic Frontiers Australia board member Peter Tonoli isn't satisfied with Domino's handling of the situation:
How about @Dominos_AU contact their customers about the privacy breach, instead of relying of customers unawareness of the problem? Asking customers to email Dominos is disingenuous and opaque #privacy #databreach @OAICgov pic.twitter.com/Bw6f5bezxZ— Peter Tonoli (@peter_tonoli) October 17, 2017
It seems the unnamed supplier was a trans-Tasman operation, since last week similar complaints emerged in New Zealand.
The Register has asked Domino's for comment. And a Supreme for lunch, plus a Coke Zero.* ®
Update: A Domino's spokesperson has sent a statement to The Register which mostly reproduces what is on its Website, but which confirms it has notified the Office of the Australian Information Commissioner of he breach.