If you think pineapple pizza is unappetizing, try pizza served with some spam.
Domino’s Pizza Australia has disclosed that a data breach at one of its former third-party suppliers may have resulted in a spam campaign aimed at customers of the restaurant and food delivery chain.
In a statement on its website, Domino’s acknowledges that an unspecified number of customers have contacted the company to complain of an unauthorized email campaign. The pizza chain does not identify the specific supplier at fault for the breach, but states that compromised data may include names, email addresses, and the suburbs where customers had their pizzas delivered.
The chain’s account jibes with an Oct. 18 article in the Sydney Morning Herald, which reports that since at least late September, customers have received phishing emails using their names and the suburbs where they placed their orders. The news outlet said that these emails typically state something like: “Tim, it is Sarah, are you in Rozelle?” or “What’s up? Tim, it’s Jess from Rozelle, my new email address.”
Customers have reportedly been complaining on social media that Domino’s did not contact them about the third-party breach. The company defends its overall actions in its online statement: “Domino’s acted quickly to contain the information when it became aware of the issue and has commenced a detailed review process,” the statement reads. “Ongoing testing has confirmed our systems are secure and at no time has customer financial information (including credit cards) or passwords, been accessed or compromised.”
Domino’s noted that it is engaging with the Office of the Australian Information Commissioner, and is collaborating with cybersecurity professionals to work with suppliers on protecting information.
The company also stated that customers do not have to update their passwords, but added that they should not click on any links in the spam emails.