This is not the first time that we have seen the breach of data of consumers online. Now coming to the latest news Domino's India is the latest victim of data breach that uncovered 18 crore pizza order details made via the Domino's service. The data breach was first spotted by Internet Security Researcher Rajshekhar Rajaharia that includes 130TB of employee data files and customer details. The hackers who are responsible for the data breach have also created a webpage on the dark web that can fetch the data simply by Searching for phone number or email address. The data is publicly available and anybody can easily search it out no special knowledge is needed. The worrying part of this data breach is that the people are using this data to spy on other people they have the access to view their last location and so on. The leaked information includes the details of some transactions which reveals the order delivery address, the date, the name, phone number and email ID of the customer, precise latitude and longitude coordinates of the address, total number of transactions and the total amount spent on transactions in Rupees.
Earlier in April, Alon Gal, CTO of cyber security firm Hudson Rock had brought the incident to light. He had said that the personal information of the users was being sold by hackers for around 10 BTC. Alon Gal had then reported that the hackers are planning to build a search portal to enable accessing the data.
The data that has allegedly been leaked include 10 lakh credit card details and even addresses of people who ordered Pizza from Dominos. However, Dominos India gave the statement and had denied leak of financial details of users.
Dominos is one of the most popular food service companies which is owned by Jubilant Food works. Dominos has its outlets in over 285 cities.
The latest news says that Jubilant Food work Limited, the company which operates Domino's Pizza stores in India that was hacked and leaked online the government informed Delhi High Court that the concerned departments have already blocked and removed the hacked URLs supplied to them.
Talking about how Indian laws deals with such matters, we will find that
Domino's company can be held liable under Information Technology Act ,2000 under section 43A and 72A.
The (Indian) Information Technology Act, 2000 deals with the issues relating to payment of compensation (Civil) and punishment (Criminal) in case of wrongful disclosure and misuse of personal data and violation of contractual terms in respect of personal data.
The rule states that whenever a company deals with any sensitive personal data or information, and is negligent in maintaining a reasonable security to protect such data or information, which thereby causes wrongful loss or wrongful gain to any person, then such body corporate shall be liable to pay damages to the person(s) so affected.
Punishment for disclosure of information in breach of lawful contract.
But this incident makes us think that is really our data secured with these giant companies? This kind of data breach by such big companies scares the people in terms of the security of their personal data. The hackers could have used the personal data of consumers for doing heinous crimes. The companies should take more proper measures to make sure that the personal data of the people is not compromised at any cost.