What some hackers lack in pizzazz, they make up for in pizza: A hacker group called Rex Mundi (King of the World) claims to have broken into Domino's databases in France and Belgium and stolen approximately 650,000 customer records, including full names, email addresses, home addresses and account passwords, and possibly even pizza-delivery instructions and favorite toppings.
The saucy hackers have also dished up an ultimatum, saying they'll post the stolen records online unless Domino's Pizza pays a ransom of €30,000 (just under $40,680 in U.S. dollars).
Credit-card information is apparently not included in the breach, which totals 592,000 French customers and 58,000 Belgian customers. However, cybercriminals could use the leaked names and email addresses to conduct phishing attempts. Worse, the affected customers' friends will know that they order from Domino's.
Rex Mundi says that Domino's has until 8 p.m. Central European Time (2 p.m. EDT) today (June 16) to pay the ransom, or the group will post the stolen customer records online. However, Domino's Pizza Netherlands chief executive Andre ten Wold told told Belgian business newspaper De Standaard that the company would not be acquiescing to the hackers' demands.
"There are clear indications that something is broken on our server. The information contained in them is protected," ten Wold said.
Rex Mundi says it first contacted Domino's with its threats on June 10. In its ransom demand posted online, the group included what it claims are sample user accounts from the French and Belgian databases.
If you have a Domino's online account, you should change your password immediately, even though that's not sure to help, as it's unclear how Rex Mundi got into Domino's database in the first place. You should also change your password on any other online account on which you use the same password.
All Internet users, but Domino's customers in France and Belgium especially, should also be extra-alert for possible phishing emails, or emails crafted to look official that attempt to trick users into disclosing their personal information.