19 October 2017
To our valued customers
Over the course of the last couple of weeks a number of our customers have reported that they have received unsolicited (or ‘spam’) emails from unknown third parties. Customers are being directly addressed by their first name and are being asked to confirm the suburb that they live in.
This is the type of information that is contained in an online rating system managed by a former supplier, which suggests this may have been the source of the information. We are continuing to investigate this.
We understand that receiving an unknown email from a third party asking for these details in this manner can be confronting, and we share your concern about this.
We took immediate action to launch an investigation as soon as we became aware of an issue. We are doing everything in our power to advance our investigation as quickly and as thoroughly as possible.
Our customers have questions and we take these seriously so we have set up dedicated webpages for Australia and New Zealand (see the below FAQs) to help provide as much information as possible. Most importantly, we have outlined specific steps that our customers should take if they receive an unsolicited email.
We take the privacy of our customers very seriously. We also understand how frustrating receiving spam emails can be and we want to thank our customers for their patience and understanding while we continue to investigate this incident.
Please continue to check back here for more information.
Group Chief Executive Officer and Managing Director
Domino’s Pizza Enterprises Limited
Recently, we became aware of a potential security incident when a number of our Australian and New Zealand customers reported that they had received a spam email from a third party.
Upon being notified of this, we immediately commenced an internal investigation to identify how this may have occurred, and immediately engaged an experienced cyber security and forensic organisation to assist.
Although our investigation is ongoing, at this stage we have found no evidence to suggest that there has been any unauthorised access to Domino’s systems.
Thank you to our customers who have contacted us as your feedback has greatly assisted with our investigation.
What information was accessed?
We can confirm that Domino’s does not store payment card information (credit card) on its systems and that no financial data was accessed in this incident.
No account information or passwords have been accessed. Based on what is currently known, we can confirm that the following information was likely accessed:
As mentioned above, this is the type of information that is contained in an online rating system managed by a former supplier which suggests this may have been the source of the information. We are continuing to investigate this.
What actions are you taking?
We understand that spam emails are frustrating and annoying and we apologise for any inconvenience that it causes you.
Our immediate priority is ensuring that the privacy of your customer information is protected.
We are conducting a thorough internal review to ensure that no customer information stored on Domino’s systems has been impacted by this incident. We are also working with our former supplier to investigate this incident.
Up until recently, we have been contacting all customers who have reported this incident to us on an individual basis. However, over the last couple of days we have received a large number of inquiries from customers through email, social media and via our contact centre. This has caused a delay in our ability to directly respond.
While we aim to respond to every one of our customers individually, in the meantime we have created this dedicated webpage to ensure that all of our customers are provided with the same information about this incident at the same time.
How does this incident affect me?
You may receive an unsolicited email from a third party asking you to confirm if you live in a particular suburb. This suburb is not likely to be the suburb in which you live but rather is the suburb of a Domino’s store where you purchased food.
We appreciate that such direct questioning can be confronting; however, this email has been designed by a spammer to encourage you to respond in some way. You should not respond.
If you receive such an email, we recommend that you:
We confirm that you do not need to update your Domino’s account details or passwords.
Do you know who the sender of the email is?
Although we are investigating this, we may not be able to establish the true identity of the email source, as these activities are generally carried out anonymously. If we obtain evidence of the unauthorised individuals’ identity, we will immediately inform the relevant law enforcement authorities.
Was this incident reported to the relevant Privacy regulators?
Early on we notified both the Office of the Australian Information Commissioner and Office of the Privacy Commissioner in New Zealand of this incident and continue to fully engage with these agencies.
Is it safe to use the Domino’s websites?
As part of our review we have confirmed that our internal systems are secure and that the Domino’s websites are safe to use. As with all spam activity, there is a heightened risk of people setting up fake webpages associated with Domino’s; however, be reassured that Domino’s remains on high alert and will be closely monitoring any suspicious activity.
What do I need to do now?
If you receive an unsolicited email mentioned above, we recommend that you take the steps above. You should never respond to an email if you do not recognise the sender.
If you have not received an unsolicited email, then you may not be affected by this incident. However, we recommend that you continue to monitor your email account for any unsolicited emails as a precaution and take the steps mentioned above.
Who do I speak to for more information?
Australian customers can contact a Domino’s team member via:
New Zealand customers can contact a Domino’s team member via:
For other enquiries please contact Domino’s Head Office: