A user on a famous Underground Hacker Forum had posted 7.5 GB of HDFC Bank data that allegedly includes full names, email addresses, physical addresses, and sensitive financial data, according to the user.
Jubilant Foodworks that owns the master franchise for Domino’s Pizza in India on Tuesday said that although it experienced an information security incident, no financial data like credit card details of its users in the country were leaked on the Dark Web.
On Sunday, Alon Gal who is CTO of cyber security firm Hudson Rock, claimed that credit card details of nearly 10 lakh people who purchased online on Domino’s Pizza India are allegedly being sold for over Rs 4 crore on the Dark Web.
A Jubilant FoodWorks spokesperson told IANS that the company experienced an information security incident recently.
“No data pertaining to financial information of any person was accessed and the incident has not resulted in any operational or business impact,” the spokesperson added.
“As a policy, we do not store financial details or credit card data of our customers, thus no such information has been compromised”.
According to Gal, the threat actor is looking for around $550,000 (approximately Rs 4 crore) for the database and saying they have plans to build a search portal to enable querying the data.
“Information includes 180,000,000 order details containing names, phone numbers, emails, addresses, payment details and a whopping 1,000,000 credit cards,” Gal claimed in a tweet.
“Plenty of large scale Indian breaches lately, this is worrying,” he added.
Jubilant FoodWorks said their team of experts is investigating the matter and “we have taken necessary actions to contain the incident.”
“The news about financial data being leaked is totally incorrect. Also, as per leading cyber security researchers, there is no financial data visible on the Dark Web,” the company said.
Independent cyber security researcher Rajshekhar Rajaharia had told IANS that he alerted about this possible hack to the CERT-in (India’s national cyber defence agency) on March 5.
There have been a string of hacking incidents involving Indian firms in the recent past, including Bigbasket, BuyUcoin, JusPay, Upstox and others.