Domino's Pizza delivers user details to spammers

I’ll have a garlic bread, a Supreme and a side of privacy breach by slack partners


Domino's Pizza's Australian outpost has blamed a partner for a security breach, after angry customers went online complaining about finding themselves on spam lists.

The company owned up to the breach after Redditor “Pinchie McPinch” complained about receiving e-mails from “Sarah” and “Jess”.

What tipped Pinchie that the data may have come from the pizza chain was that the spammers were referring to his/her favourite Domino's locations to make the approaches look more plausible.

Domino's acknowledged the breach and said it is investigating what happened. The company blamed the breach on an unnamed “former” supplier.

The company's statement says the breach was limited to “email addresses, names and store suburbs (related to pizza orders) … at no time has customer financial information (including credit cards) or passwords, been accessed or compromised.”

The statement added that the company will “work closely with the relevant privacy authorities in Australia.”

Electronic Frontiers Australia board member Peter Tonoli isn't satisfied with Domino's handling of the situation:

It seems the unnamed supplier was a trans-Tasman operation, since last week similar complaints emerged in New Zealand.

The Register has asked Domino's for comment. And a Supreme for lunch, plus a Coke Zero.* ®

*Not really.

Update: A Domino's spokesperson has sent a statement to The Register which mostly reproduces what is on its Website, but which confirms it has notified the Office of the Australian Information Commissioner of he breach.


Keep Reading

Privacy Shield binned after EU court rules transatlantic data protection arrangements 'inadequate'

The spice data must flow (and it will – just through SCCs)

Tony Blair tells Russian infosec conference that cross-border infosec policies need more gov intervention

Just what Vladimir Putin's favourite bank wanted to hear, no doubt

Sunday: Australia is shocked UK would consider tracking mobile data to beat pandemic. Monday: Australia to deploy drone intimidation squads

Updated Bloody poms are full of great ideas

Privacy watchdogs from the UK, Australia team up, snap on gloves to probe AI-for-cops upstart Clearview

Investigation follows Canada's decision to give image-scraping biz the boot

Australia sues Google over data collection practices that merged DoubleClick data to create single user profiles

Alleges opt-in that promised “more control” actually sent more data without informed consent. Google 'strongly disagrees'

BRICS bloc – home to 40 percent of humanity – wants to drive global e-commerce consumer protection rules

China has the giant e-tailers, India has the customers, Brazil, Russia and South Africa are aboard

Pot, meet kettle: Google claims Australia's pay-for-news plan could see personal data put to nefarious uses

YouTubers advised of opportunity to ‘get involved’ in some kind of push-back

UK.gov admits it has not performed legally required data protection checks for COVID-19 tracing system

No evidence of data being used unlawfully, says health department

Biting the hand that feeds IT © 1998–2020