Domino's - Potential Data Breach?

Domino's is one of the most popular stores here on OzBargain. Leaving that aside though, I suspect they might have experienced been a data breach given the few strange spam emails I've received directly in my inbox.

I've received a few emails from comcast.net email addresses (since the end of last month), from a "Sarah [X]", on a few email addresses in which I've used to order from Domino's.

The emails go along the lines of:

<greeting> <name>, are you around <location>?

For location, the email has quoted stores I've ordered from previously.


There are also a few confirmations on Whirlpool about this too. Have any of you fellow OzBargainers received these emails?


Update 18/10/17

Reddit - you've ordered with Dominos, your personal data's been stolen
News.com.au
Business Insider
SMH
Guardian

Related Stores

Domino's
Domino's

Comments

  • +8

    Yup can confirm I have an email from Sarah as well

  • Added it straight to spam,wondering if it sort of third party opt in lucky draws scammers

  • +1

    Yes, I have received as well, Sarah from xx, where xx= the 2 Dominos store locations I've historically ordered from. One of the locations I haven't ordered from for around 12 months.

  • Ive been getting those too

  • +8

    Yep, got these too and reported them to Australian Cybercrime Online Reporting Network (ACORN). Nice work figuring out the source of the data breach JSQUARED.

    • +3

      Thanks - as soon as I had two separate emails quoting the two different stores I ordered from I suspected it had to be Domino's related.

  • Yep me and Sarah have been in communications.. no reply though yet :(

    • Sarah and I

      • +23

        OK, Sarah and Drew22 have been in communications..

      • +1

        If only your username was Duck

    • Something About Sarah.

      Funny movie.

  • +2

    Oh crap, is that what those are from? Any word from Dominos? The ones I've received match the two stores I order at.

  • +2

    I always use [email protected] as my email address lol!

  • Got Jen from comcast.net

  • +1

    Mandatory notification of data breach laws kick in next year, I believe… So you probably won't hear anything from Dominos.

  • Yep same here, Local dominos store and the persons name when ordering . Probably have my phone number in the breach as well makes me more likely to get local pizza or pizza hut .

  • +4

    I'm glad you posted this! I was going to post about it but thought people may ask me to remove my tin foil hat. I very rarely use both my email addresses for a single site but domino's is one of them and both email addresses have been receiving these messages. What really tipped me off though is that I sometimes use an alternative name for ordering pizza and received one addressed to this alternative name.

  • +6

    You should all go post about this on their Facebook and Twitter feeds to see whether they'll own up to it.

  • +4

    I am receiving the same emails from Sarah on all the email addresses, I've used for Dominos in NZ.

    Also, she/he is referring to my old address, which was close to dominos in Christchurch ( Rolleston). When I tried to ask where my details are taken from, they started sending spam :(

    I am so disappointed from Dominos, never going to order again, and thanks for figuring it out!

  • Yep, another confirmation here, looks like they started ~2 weeks ago.

  • Thank you, I had no idea how I received these emails.

    When I asked how she knew me, I got "(my name), baby, contact me on This site (russian site)

    Do not send more emails, if my husband read it he will kill me !"

  • I thought I was getting an email from an old school friend in my old country town. Now it appears it's just because I ordered Dominos last time I visited. I haven't received any relating to my current home in the big smoke. I haven't ordered in the old town for at least 12 months so it must be an older database.

  • +1

    Wait, these are to do with dominos? I've got a few emails like this, I just thought Sarah really wanted to talk to me… xD

    • +1

      I thought Sarah was using you to get to me.

      Sarah sounds high maintenance and needy.

      Avoid. lol

  • I have also received this email.
    Glad to know how I'd gotten the email - here I was blaming taco bill!

    • Well, I didn't put it together, [insert suburb here] and Domino's, but now it all makes sense.

      Personally I think "Sarah" was living on the Cheese Crust edge and now having to deal with smaller sized Pizza's and Pepsi, this has tipped her over…

      Get some help "Sarah".

  • no email for me.

    Did you guys enter the draw for whatever prize it was at the end of placing ur order online?

    I did that once and yeah got heaps of spam around the start of the year

    • +1

      Avoid all such competitions!

    • I got the emails from Sarah quoting 2 Domino's locations I'd ordered from and I never enter those competitions at the end of the order. I was originally blaming Facebook haha

    • Yeah I saw this one too - tick a privacy box and click submit to enter a draw for $30,000.
      I noped out of there - ain't falling for that…

  • I haven't received one on my dominos email but I did get one on the email address I only use for Dan Murphys also from a comcast address that included my first name:

    <My first name>, what's new?
    Bentley?

    Bentley is a few suburbs over.

    • Just realised I may have used this email address for domino's as well (sorry Dan Murphys!).

      Bentley is the Dominos store I used to go to.

  • Yup, I've received two e-mails from Sarah. They were sent to my email address, asking for my partner by name. He has ordered for us before in his name with my email address. Good to know where it started. Good work OP.

  • Times haven't been this dark since the PSN breach.

  • Ah yes. Me too! That explains it. Thank you very much

  • Me 3 (actually 3 separate emails too !)

    Didn't bother opening after reading this post.

    (google had marked as spam already)

  • -4

    Serves you guys right for eating that junk.

  • Yep, 'Sarah' has emailed my partner twice.

  • wow I cant believe I actually found this forum topic on a google search…didn't pick that it was a dominos link and was trying to investigate why I recieved an email by name on a dud email account. props to jsquared

  • Great work op, I've been racking my brain trying to figure out how these spam emails had 2 locations I frequent. I was originally blaming Facebook!

  • -3

    Why is this a breach and not just domino's selling data?, which i'm sure they are allowed to per their T&Cs that no one has read, its pretty standard though

  • Yes, I got an email from a 'Sarah' from a Comcast email address and 'Jen' from an AOL email address.

  • Thanks for the responses everyone. Apparently this was due to an "issue with a former supplier’s systems".

    Media release - but only to New Zealand:
    https://www.dominos.co.nz/inside-dominos/media/october-2017-…

    News articles - again only for New Zealand:
    http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&o…
    https://www.stuff.co.nz/business/industries/97683139/spammer…
    http://www.newshub.co.nz/home/money/2017/10/domino-s-custome…

  • Dominos is not responsive to this on Twitter, and claim there is no evidence of a breach. It might be time to go to the media.

    • They did reply to someone on their Australian Facebook site blaming a supplier, similar to what their NZ entity has posted on their site:

      https://www.facebook.com/DominosAustralia/posts_to_page/

      "Domino's Australia Hi Jesse, We take the security and privacy of customer information seriously; there is no evidence to suggest that there has been unauthorised access to Domino’s systems. An ongoing investigation has confirmed our systems are secure and at no time has customer financial information (including credit cards) or passwords, been accessed or compromised.
      Domino’s acted quickly to contain the information when it became aware of the issue and has commenced a detailed review process.
      We are investigating a potential issue with a former supplier’s systems that may have led to a number of customer email addresses, names and store suburbs (related to pizza orders) being accessed.
      We apologise to customers who may have received any unsolicited emails as a result of this unauthorised access through the former supplier and recommends customers do not engage or respond to these emails.

      A free 1800 number has been established for any concerned customers to reach a Domino’s team member on 1800 805 888 or email [email protected] to discuss any questions they may have.

      Thanks, Lou


      Jesse Kelly I hope no other info was beached, luckily for me I use PayPal or cash on pickup. The personalized spam is a little worrying. "<greeting> <my name>, are you around <my location>?". These began over a week ago for me, I would of thought some sort of public announcement to ensure customers data is safe and not to respond to these emails would of been published as they do not get picked up by standard spam filtering.


      Domino's Australia Hi Jesse, kindly send through the sample emails to [email protected] and kindly indicate your email address and contact number. Thanks, Lou

      • It is simply untrue to suggest there is no evidence of a breach when the evidence presents in the form of numerous users confirming that unique data they have only given to Dominos has fallen into the hands of scammers.

        That is a breach.

        It is very simple.

        Dominos should stop covering its ass and admit that this is unacceptable.

        • Report it to the Privacy Commissioner if concerned

  • I got this email too

  • Have gotten two emails in the space of around half a week. Very concerning

  • I've received them too a number of times over the past months - damn Domino's!

  • +1 but only a fake name I used in a NZ location.

  • Damn, Sarah is so needy. Not only had she contacted me, she even tries to contact u lot too and who know who else.

    Well, I been giving her the silent treatment,..

  • I also received emails from Sarah on two different email accounts. I specifically used both of these addresses to order Dominos so I'm certain it's coming from Dominos. Thanks for the information! I was so confused at first

  • +1

    Wait so sarah has been cheating on me?

  • Merged from Domino's Australia: personal data stolen

    Saw this thread on reddit in /r/Australia two hours ago, it was concerning to me and I would imagine it would be concerning to all Domino's lovers here too.

    I've been getting lots of emails from "Sarah" and "Jess" lately. They all know my name, email address and places close to where I live. Those places >turned out to be Dominos stores I've ordered at.

    Example emails:

    Mark, it is Sarah, are you in Warnersbay?

    What's up? Mark, it's Sarah from Swansea, my active e-mail.

    Mark, Hello, it's Jess! Do you live in Warnersbay?

    Today I called Dominos corporate (07 3633 33 33) and expressed my concerns to the lady who picked up, and she was clearly familiar with the issue. She >had a guy called Nathan call me back, who:

    • Confirmed that they had passed on my details to a secondary "supplier" company, who had been hacked
    • Would not tell me who that company was
    • Would not say why the "supplier" had that data
    • Would not say whether that data was transferred or sold
    • Confirmed they were investigating the issue with "experts"
    • Informed me that they had made a public release in the form of a Facebook post, and had no further plans to announce the breach at this point (waiting >on the "Experts")
    • Disclosed they had no intention to email affected customers to inform them of the breach when discovered, or at this point
    • Confirmed they were no longer using the affected supplier
    • Had no indication of whether a public statement would be made outside of social media or customers would be contacted at the conclusion of the "expert" >*investigation (he really loved the 'e' word)
    • Confirmed no payment details had been stolen.
    • Confirmed the details alleged (name, email, ordering store) had been stolen
    • Was waiting on (you guessed it) the "experts" to confirm other data that was or was not available to the supplier, and consequently stolen.

    If you're concerned, it's worth emailing [email protected] to:

    *Get full disclosure of any details they have about you
    *Request your data be removed, if you wish
    *Ask why the hell they didn't bother telling you

    See thread: https://www.reddit.com/r/australia/comments/76wi34/if_youve_…

  • Please forward this to smh

  • So I'm wondering if this is why someone was able to steal my email account last week - they contacted telstra and reset my password + got my steam account. My CC was also blocked by the bank for being potentially compromised. Oh well, teach me to trust even a pizza place haha

  • Domino’s Australia has suggested an online rating system is likely the reason behind a data hacking scandal that resulted in customers being inundated with "eerie" emails.
    Read more

    • It's good they acted quick to terminate their use of the supplier of that system.

      I'm starting to get these emails again this morning.

  • Some further info published in fairfax papers today http://www.theage.com.au/technology/consumer-security/reveal…

  • +1
    Merged from Domino's Data Breach - Update

    As we all know Dominoes had a data leak a couple months ago. I have still been getting spam emails since then.

    I know - my mistake for having trusted Dominoes with my email address - however I was wondering if there was an outcome from the incident? Or if there were any ongoing ACCC (or similar) investigations underway?

    I definitely do not think the incident was handled properly by Dominoes, and was 'swept under the carpet'.

    Thanks in advance for your inputs :)

    • 'my mistake for having trusted Dominoes with my email address "
      you trusted ozb? nothing is safe once you connected to internet. someone somewhere is watching us

      • +1

        I'm watching you right now because I'm a WIZARD :P

        I know that your username is dragonindespair and your profile is a dragon.

        • Dear mr WIZARD friend please kindly find my offer of $10,000,000.00 muggle dollars for future business partnership. Please I do hereby wish to transfer you the funds urgently so kindly provide account details so my lawyer can transfer the funds of $3 million euro.

      • I actually feel like my 'spam' email is safer with Ozbargain than my main email with anyone else.
        But yeah, watch me all you want, just please don't spam me.

    • however I was wondering if there was an outcome from the incident?

      What are you waiting to happen? It was reported, you know about it, they fixed the issue.

      • I didn't receive any email from Dominoes, and I keep getting spam from their leak. Definitely was not aware that they had fixed any issue.

        • +2

          Once your email address has been stolen by spammers there is nothing Dominoes can do about it. That's why you need a decent mail provider with good spam blocking. Gmail is good, Hotmail decent, and Yahoo the back of the pack.

        • @greenpossum: Agreed, once the genie is out of the bottle, you can't put it back in again!

          OPs SPAM could be coming from one of 'many' leaks that have happened.

  • Is anyone receiving phone calls from +43720880794? They called me a few times but missed the calls then when I answered they asked if I was my fake Domino's name, I said they had the wrong number and they hung up.

  • Just this morning I received another email from Jessica asking about my suburb.

    I didn't see the email until the afternoon and I had actually ordered from Domino's around midday, so thought it was quite a coincidence, but that's all it was since the email came in the morning.

Login or Join to leave a comment