Domino's - Potential Data Breach?

JSQUARED on 07/10/2017 - 21:03
Last edited 18/10/2017 - 21:55 by 1 other user

Domino's is one of the most popular stores here on OzBargain. Leaving that aside though, I suspect they might have experienced been a data breach given the few strange spam emails I've received directly in my inbox.

I've received a few emails from comcast.net email addresses (since the end of last month), from a "Sarah [X]", on a few email addresses in which I've used to order from Domino's.

The emails go along the lines of:

<greeting> <name>, are you around <location>?

For location, the email has quoted stores I've ordered from previously.

There are also a few confirmations on Whirlpool about this too. Have any of you fellow OzBargainers received these emails?

Update 18/10/17

Reddit - you've ordered with Dominos, your personal data's been stolen
News.com.au
Business Insider
SMH
Guardian

General Discussion

Related Stores

Domino's
Domino's

Comments

  • 777 on 07/10/2017 - 21:12
    +8

    Yup can confirm I have an email from Sarah as well

  • 777 on 07/10/2017 - 21:15

    Added it straight to spam,wondering if it sort of third party opt in lucky draws scammers

  • jason101 on 07/10/2017 - 21:18
    +1

    Yes, I have received as well, Sarah from xx, where xx= the 2 Dominos store locations I've historically ordered from. One of the locations I haven't ordered from for around 12 months.

  • Apple96 on 07/10/2017 - 21:27

    Ive been getting those too

  • toasty on 07/10/2017 - 21:32
    +8

    Yep, got these too and reported them to Australian Cybercrime Online Reporting Network (ACORN). Nice work figuring out the source of the data breach JSQUARED.

    • JSQUARED on 07/10/2017 - 23:10
      +3

      Thanks - as soon as I had two separate emails quoting the two different stores I ordered from I suspected it had to be Domino's related.

  • AlienC on 07/10/2017 - 21:34

    Yep me and Sarah have been in communications.. no reply though yet :(

    • [Deactivated] on 07/10/2017 - 21:41

      Sarah and I

      • rompastompa on 07/10/2017 - 21:44
        +23

        OK, Sarah and Drew22 have been in communications..

      • moocher on 09/10/2017 - 13:49
        +1

        If only your username was Duck

        moocher on 09/10/2017 - 13:49 (Collapsed - Offtopic. Show)
    • Yummy on 08/10/2017 - 03:13

      Something About Sarah.

      Funny movie.

  • Pinchie on 07/10/2017 - 21:43
    +2

    Oh crap, is that what those are from? Any word from Dominos? The ones I've received match the two stores I order at.

  • enzioFirenze on 07/10/2017 - 22:13
    +2

    I always use [email protected] as my email address lol!

  • Neoika on 07/10/2017 - 22:17

    Got Jen from comcast.net

  • airzone on 07/10/2017 - 22:23
    +1

    Mandatory notification of data breach laws kick in next year, I believe… So you probably won't hear anything from Dominos.

  • qwerty on 07/10/2017 - 22:40

    Yep same here, Local dominos store and the persons name when ordering . Probably have my phone number in the breach as well makes me more likely to get local pizza or pizza hut .

  • indium on 07/10/2017 - 22:57
    +4

    I'm glad you posted this! I was going to post about it but thought people may ask me to remove my tin foil hat. I very rarely use both my email addresses for a single site but domino's is one of them and both email addresses have been receiving these messages. What really tipped me off though is that I sometimes use an alternative name for ordering pizza and received one addressed to this alternative name.

  • xuqi on 07/10/2017 - 23:48
    +6

    You should all go post about this on their Facebook and Twitter feeds to see whether they'll own up to it.

  • naive on 08/10/2017 - 01:29
    +4

    I am receiving the same emails from Sarah on all the email addresses, I've used for Dominos in NZ.

    Also, she/he is referring to my old address, which was close to dominos in Christchurch ( Rolleston). When I tried to ask where my details are taken from, they started sending spam :(

    I am so disappointed from Dominos, never going to order again, and thanks for figuring it out!

  • chalmo on 08/10/2017 - 06:30

    Yep, another confirmation here, looks like they started ~2 weeks ago.

  • Belistic on 08/10/2017 - 08:25

    Thank you, I had no idea how I received these emails.

    When I asked how she knew me, I got "(my name), baby, contact me on This site (russian site)

    Do not send more emails, if my husband read it he will kill me !"

  • Densor on 08/10/2017 - 09:13

    I thought I was getting an email from an old school friend in my old country town. Now it appears it's just because I ordered Dominos last time I visited. I haven't received any relating to my current home in the big smoke. I haven't ordered in the old town for at least 12 months so it must be an older database.

  • [Deactivated] on 08/10/2017 - 09:43
    +1

    Wait, these are to do with dominos? I've got a few emails like this, I just thought Sarah really wanted to talk to me… xD

    • holdenmg on 08/10/2017 - 10:12
      +1

      I thought Sarah was using you to get to me.

      Sarah sounds high maintenance and needy.

      Avoid. lol

  • live4bargain on 08/10/2017 - 10:50

    I have also received this email.
    Glad to know how I'd gotten the email - here I was blaming taco bill!

    • holdenmg on 08/10/2017 - 10:55

      Well, I didn't put it together, [insert suburb here] and Domino's, but now it all makes sense.

      Personally I think "Sarah" was living on the Cheese Crust edge and now having to deal with smaller sized Pizza's and Pepsi, this has tipped her over…

      Get some help "Sarah".

  • taurenpally on 08/10/2017 - 11:05

    no email for me.

    Did you guys enter the draw for whatever prize it was at the end of placing ur order online?

    I did that once and yeah got heaps of spam around the start of the year

    • HeWhoKnows on 08/10/2017 - 15:34
      +1

      Avoid all such competitions!

    • paulieau on 09/10/2017 - 06:33

      I got the emails from Sarah quoting 2 Domino's locations I'd ordered from and I never enter those competitions at the end of the order. I was originally blaming Facebook haha

    • cuteseal on 09/10/2017 - 09:54

      Yeah I saw this one too - tick a privacy box and click submit to enter a draw for $30,000.
      I noped out of there - ain't falling for that…

  • No on 08/10/2017 - 11:31

    I haven't received one on my dominos email but I did get one on the email address I only use for Dan Murphys also from a comcast address that included my first name:

    <My first name>, what's new?
    Bentley?

    Bentley is a few suburbs over.

    • No on 08/10/2017 - 18:22

      Just realised I may have used this email address for domino's as well (sorry Dan Murphys!).

      Bentley is the Dominos store I used to go to.

  • Placebo on 08/10/2017 - 13:04

    Yup, I've received two e-mails from Sarah. They were sent to my email address, asking for my partner by name. He has ordered for us before in his name with my email address. Good to know where it started. Good work OP.

  • MasterNoob on 08/10/2017 - 14:40

    Times haven't been this dark since the PSN breach.

  • HeWhoKnows on 08/10/2017 - 15:30

    Ah yes. Me too! That explains it. Thank you very much

  • snappy1234 on 08/10/2017 - 15:45

    Me 3 (actually 3 separate emails too !)

    Didn't bother opening after reading this post.

    (google had marked as spam already)

  • whooah1979 on 08/10/2017 - 16:23
    -4

    Serves you guys right for eating that junk.

  • cassidy02 on 08/10/2017 - 16:47

    Yep, 'Sarah' has emailed my partner twice.

  • k15866 on 08/10/2017 - 19:57

    wow I cant believe I actually found this forum topic on a google search…didn't pick that it was a dominos link and was trying to investigate why I recieved an email by name on a dud email account. props to jsquared

  • paulieau on 09/10/2017 - 06:35

    Great work op, I've been racking my brain trying to figure out how these spam emails had 2 locations I frequent. I was originally blaming Facebook!

  • furys12 on 09/10/2017 - 09:02
    -3

    Why is this a breach and not just domino's selling data?, which i'm sure they are allowed to per their T&Cs that no one has read, its pretty standard though

  • mubd1234 on 09/10/2017 - 17:49

    Yes, I got an email from a 'Sarah' from a Comcast email address and 'Jen' from an AOL email address.

  • JSQUARED on 09/10/2017 - 19:28

    Thanks for the responses everyone. Apparently this was due to an "issue with a former supplier’s systems".

    Media release - but only to New Zealand:
    https://www.dominos.co.nz/inside-dominos/media/october-2017-…

    News articles - again only for New Zealand:
    http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&o…
    https://www.stuff.co.nz/business/industries/97683139/spammer…
    http://www.newshub.co.nz/home/money/2017/10/domino-s-custome…

  • kipps on 10/10/2017 - 07:46

    Dominos is not responsive to this on Twitter, and claim there is no evidence of a breach. It might be time to go to the media.

    • xuqi on 10/10/2017 - 16:44

      They did reply to someone on their Australian Facebook site blaming a supplier, similar to what their NZ entity has posted on their site:

      https://www.facebook.com/DominosAustralia/posts_to_page/

      "Domino's Australia Hi Jesse, We take the security and privacy of customer information seriously; there is no evidence to suggest that there has been unauthorised access to Domino’s systems. An ongoing investigation has confirmed our systems are secure and at no time has customer financial information (including credit cards) or passwords, been accessed or compromised.
      Domino’s acted quickly to contain the information when it became aware of the issue and has commenced a detailed review process.
      We are investigating a potential issue with a former supplier’s systems that may have led to a number of customer email addresses, names and store suburbs (related to pizza orders) being accessed.
      We apologise to customers who may have received any unsolicited emails as a result of this unauthorised access through the former supplier and recommends customers do not engage or respond to these emails.

      A free 1800 number has been established for any concerned customers to reach a Domino’s team member on 1800 805 888 or email [email protected] to discuss any questions they may have.

      Thanks, Lou

      Jesse Kelly I hope no other info was beached, luckily for me I use PayPal or cash on pickup. The personalized spam is a little worrying. "<greeting> <my name>, are you around <my location>?". These began over a week ago for me, I would of thought some sort of public announcement to ensure customers data is safe and not to respond to these emails would of been published as they do not get picked up by standard spam filtering.

      Domino's Australia Hi Jesse, kindly send through the sample emails to [email protected] and kindly indicate your email address and contact number. Thanks, Lou

      • kipps on 10/10/2017 - 20:16

        It is simply untrue to suggest there is no evidence of a breach when the evidence presents in the form of numerous users confirming that unique data they have only given to Dominos has fallen into the hands of scammers.

        That is a breach.

        It is very simple.

        Dominos should stop covering its ass and admit that this is unacceptable.

        • chumlee on 12/10/2017 - 08:14

          Report it to the Privacy Commissioner if concerned

  • [Deactivated] on 10/10/2017 - 20:39

    I got this email too

  • Food on 11/10/2017 - 00:48

    Have gotten two emails in the space of around half a week. Very concerning

  • kiitos on 11/10/2017 - 21:03

    I've received them too a number of times over the past months - damn Domino's!

  • [Deactivated] on 12/10/2017 - 08:10

    +1 but only a fake name I used in a NZ location.

  • shoppingbag on 13/10/2017 - 14:54

    Damn, Sarah is so needy. Not only had she contacted me, she even tries to contact u lot too and who know who else.

    Well, I been giving her the silent treatment,..

  • Heraface on 14/10/2017 - 00:54

    I also received emails from Sarah on two different email accounts. I specifically used both of these addresses to order Dominos so I'm certain it's coming from Dominos. Thanks for the information! I was so confused at first

  • ilovepizza on 15/10/2017 - 20:24
    +1

    Wait so sarah has been cheating on me?

  • breadylonglegs on 17/10/2017 - 18:58
    Merged from Domino's Australia: personal data stolen

    Saw this thread on reddit in /r/Australia two hours ago, it was concerning to me and I would imagine it would be concerning to all Domino's lovers here too.

    I've been getting lots of emails from "Sarah" and "Jess" lately. They all know my name, email address and places close to where I live. Those places >turned out to be Dominos stores I've ordered at.

    Example emails:

    Mark, it is Sarah, are you in Warnersbay?

    What's up? Mark, it's Sarah from Swansea, my active e-mail.

    Mark, Hello, it's Jess! Do you live in Warnersbay?

    Today I called Dominos corporate (07 3633 33 33) and expressed my concerns to the lady who picked up, and she was clearly familiar with the issue. She >had a guy called Nathan call me back, who:

    • Confirmed that they had passed on my details to a secondary "supplier" company, who had been hacked
    • Would not tell me who that company was
    • Would not say why the "supplier" had that data
    • Would not say whether that data was transferred or sold
    • Confirmed they were investigating the issue with "experts"
    • Informed me that they had made a public release in the form of a Facebook post, and had no further plans to announce the breach at this point (waiting >on the "Experts")
    • Disclosed they had no intention to email affected customers to inform them of the breach when discovered, or at this point
    • Confirmed they were no longer using the affected supplier
    • Had no indication of whether a public statement would be made outside of social media or customers would be contacted at the conclusion of the "expert" >*investigation (he really loved the 'e' word)
    • Confirmed no payment details had been stolen.
    • Confirmed the details alleged (name, email, ordering store) had been stolen
    • Was waiting on (you guessed it) the "experts" to confirm other data that was or was not available to the supplier, and consequently stolen.

    If you're concerned, it's worth emailing [email protected] to:

    *Get full disclosure of any details they have about you
    *Request your data be removed, if you wish
    *Ask why the hell they didn't bother telling you

    See thread: https://www.reddit.com/r/australia/comments/76wi34/if_youve_…

  • djones145 on 17/10/2017 - 21:18

    Please forward this to smh

  • Jaded on 18/10/2017 - 08:48

    So I'm wondering if this is why someone was able to steal my email account last week - they contacted telstra and reset my password + got my steam account. My CC was also blocked by the bank for being potentially compromised. Oh well, teach me to trust even a pizza place haha

  • shapers on 20/10/2017 - 13:49

    Domino’s Australia has suggested an online rating system is likely the reason behind a data hacking scandal that resulted in customers being inundated with "eerie" emails.
    Read more

    • TransportPosters on 27/10/2017 - 08:29

      It's good they acted quick to terminate their use of the supplier of that system.

      I'm starting to get these emails again this morning.

  • 17833 on 28/11/2017 - 08:28

    Some further info published in fairfax papers today http://www.theage.com.au/technology/consumer-security/reveal…

  • Rick Sanchez on 27/12/2017 - 12:48
    +1
    Merged from Domino's Data Breach - Update

    As we all know Dominoes had a data leak a couple months ago. I have still been getting spam emails since then.

    I know - my mistake for having trusted Dominoes with my email address - however I was wondering if there was an outcome from the incident? Or if there were any ongoing ACCC (or similar) investigations underway?

    I definitely do not think the incident was handled properly by Dominoes, and was 'swept under the carpet'.

    Thanks in advance for your inputs :)

    • CyberMurning on 27/12/2017 - 12:51

      'my mistake for having trusted Dominoes with my email address "
      you trusted ozb? nothing is safe once you connected to internet. someone somewhere is watching us

      • hogwarts on 27/12/2017 - 13:08
        +1

        I'm watching you right now because I'm a WIZARD :P

        I know that your username is dragonindespair and your profile is a dragon.

        • Rick Sanchez on 28/12/2017 - 10:46

          Dear mr WIZARD friend please kindly find my offer of $10,000,000.00 muggle dollars for future business partnership. Please I do hereby wish to transfer you the funds urgently so kindly provide account details so my lawyer can transfer the funds of $3 million euro.

      • Rick Sanchez on 28/12/2017 - 10:49

        I actually feel like my 'spam' email is safer with Ozbargain than my main email with anyone else.
        But yeah, watch me all you want, just please don't spam me.

    • JimmyF on 27/12/2017 - 13:56

      however I was wondering if there was an outcome from the incident?

      What are you waiting to happen? It was reported, you know about it, they fixed the issue.

      • Rick Sanchez on 28/12/2017 - 10:41

        I didn't receive any email from Dominoes, and I keep getting spam from their leak. Definitely was not aware that they had fixed any issue.

        • retiredfeline on 28/12/2017 - 10:55
          +2

          Once your email address has been stolen by spammers there is nothing Dominoes can do about it. That's why you need a decent mail provider with good spam blocking. Gmail is good, Hotmail decent, and Yahoo the back of the pack.

        • JimmyF on 28/12/2017 - 20:02

          @greenpossum: Agreed, once the genie is out of the bottle, you can't put it back in again!

          OPs SPAM could be coming from one of 'many' leaks that have happened.

  • indium on 30/12/2017 - 14:00

    Is anyone receiving phone calls from +43720880794? They called me a few times but missed the calls then when I answered they asked if I was my fake Domino's name, I said they had the wrong number and they hung up.

  • TransportPosters on 11/02/2018 - 20:18

    Just this morning I received another email from Jessica asking about my suburb.

    I didn't see the email until the afternoon and I had actually ordered from Domino's around midday, so thought it was quite a coincidence, but that's all it was since the email came in the morning.

Login or Join to leave a comment
Login Join