Application security, Breach, Threat Management, Data Security, Malware, Phishing

Spammed in 30 minutes or less: Domino’s Australia warns of email campaign, third-party breach

If you think pineapple pizza is unappetizing, try pizza served with some spam.

Domino's Pizza Australia has disclosed that a data breach at one of its former third-party suppliers may have resulted in a spam campaign aimed at customers of the restaurant and food delivery chain.

In a statement on its website, Domino's acknowledges that an unspecified number of customers have contacted the company to complain of an unauthorized email campaign. The pizza chain does not identify the specific supplier at fault for the breach, but states that compromised data may include names, email addresses, and the suburbs where customers had their pizzas delivered.

The chain's account jibes with an Oct. 18 article in the Sydney Morning Herald, which reports that since at least late September, customers have received phishing emails using their names and the suburbs where they placed their orders. The news outlet said that these emails typically state something like: "Tim, it is Sarah, are you in Rozelle?" or "What's up? Tim, it's Jess from Rozelle, my new email address."

Customers have reportedly been complaining on social media that Domino's did not contact them about the third-party breach. The company defends its overall actions in its online statement: "Domino's acted quickly to contain the information when it became aware of the issue and has commenced a detailed review process," the statement reads. "Ongoing testing has confirmed our systems are secure and at no time has customer financial information (including credit cards) or passwords, been accessed or compromised."

Domino's noted that it is engaging with the Office of the Australian Information Commissioner, and is collaborating with cybersecurity professionals to work with suppliers on protecting information.

The company also stated that customers do not have to update their passwords, but added that they should not click on any links in the spam emails.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.