Domino’s Australia is blaming a former supplier for a potential leak of customer information which ended up being used in spam emails.
The company said it has contacted the Australian Information Commissioner and confirmed that its own systems are secure.
A note from group CEO, Don Meij, had the following:
“Over the course of the last couple of weeks a number of our customers have reported that they have received unsolicited (or ‘spam’) emails from unknown third parties. Customers are being directly addressed by their first name and are being asked to confirm the suburb that they live in.
"This is the type of information that is contained in an online rating system managed by a former supplier, which suggests this may have been the source of the information. We are continuing to investigate this.”
The firm explained that the information potentially leaked by this third party did not include financial information but most likely did feature: Domino’s store name, customer order name and customer email address.
It’s most likely that the scammers are looking to harvest more information via phishing emails to sell online or use to commit identity fraud.
Domino’s urged users not to click on links or open attachments in such unsolicited emails, to delete without replying and to ensure anti-malware protection is up to date.
“Fraudsters can readily correlate their location, email addresses and names with other information that’s either already publicly available or available from previous breaches, for phishing attacks etc. to support viable identity theft for credit accounts, personal loans, etc,” NuData Security director, Lisa Baergen, warned.
“This is why advanced, integrated multi-layered authentication solutions incorporating passive behavioral biometrics are being increasingly adopted by top banks and payment processors, major merchants, and others.”