A hacker group called Rex Mundi has obtained the records of more than 600,000 Domino's Pizza customers in France and Belgium and are threatening to publish the information online if a €30,000 (approximately $40,800 USD) ransom isn't paid.
According to the Telegraph, "the data includes customers' names, addresses, phone numbers, email addresses, passwords and delivery instructions—as well as their favourite pizza toppings."
Rex Mundi claims to have acquired "some juicy stuff" amongst the data of French and Belgian pizza eaters. From a cached forum post allegedly written by the group:
Earlier this week, we hacked our way into the servers of Domino's Pizza France and Belgium, who happen to share the same vulnerable database. And boy, did we find some juicy stuff in there! We downloaded over 592,000 customer records (including passwords) from French customers and over 58,000 records from Belgian ones. That's over six hundred thousand records, which include the customers' full names, addresses, phone numbers, email addresses, passwords and delivery instructions. (Oh, and their favorite pizza topping as well, because why not).
But according to Andre ten Wold, chief executive of Domino's Pizza, customer's financial data is safe. "There are clear indications that something is broken on our server. The information contained in them is protected," he told Dutch paper De Standaard. "Financial data, such as credit cards, has not been stolen."
Another Domino's executive, Andrew Rennie, told the Financial Times that the company won't pay the ransom. "We refuse to be extorted and we are not going to play that game," he said. "It cannot be good for anybody if companies pay ransoms. We have to take a stance on this."
This is isn't the first time Rex Mundi has stolen customer records: In 2012, The group published the data obtained from online loan applications to AmeriCash Advance.
[H/T The Wire; Image via Getty]