Dominoes Australia is investigating a potential breach of its computer systems after a number of customers received personalised spam emails from the pizza company.
On Tuesday (17 October), several users complained that strange phishing emails were hitting their inboxes. One commenter on Reddit said that after contacting the company helpline he was informed that a "secondary supplier" had been hacked, exposing some information.
In a statement Thursday (19 October), published to Domino's corporate website, managing director Don Meij confirmed that store names, orders and customer email addresses had been stolen.
"Customers are being directly addressed by their first name and are being asked to confirm the suburb that they live in," he explained in the update.
"This is the type of information that is contained in an online rating system managed by a former supplier, which suggests this may have been the source."
The notice said that the company had found no evidence to suggest its own computers had been breached.
Meij insisted that the firm does not store credit card information on its systems and stressed: "No financial data was accessed in this incident."
The statement continued: "We took immediate action to launch an investigation as soon as we became aware of an issue. We take the privacy of our customers very seriously.
"We also understand how frustrating receiving spam emails can be and we want to thank our customers for their patience and understanding while we continue to investigate this incident."
The company has not revealed when the issue first came to its attention.
On Facebook, a user called Mitchell Dale wrote: "It was a bit eerie getting all these spam emails that somehow knew my name and suburb and initially were making it past the spam filter.
"Fancy finding out from Reddit and not from Dominos that this is because you handed out my order data and there was a breach.
"Go ahead and give your stock copy paste response that you're concerned, I just want to make very clear that the decision to try to keep me in the dark and not announce what had happened is why I will not be ordering Domino's again."
The identity of the culprit remains unknown. Domino's said it has notified both the Office of the Australian Information Commissioner and Office of the Privacy Commissioner in New Zealand, two regions where significant complaints were raised.
It said that its websites remain safe to use and urged customers not to click on malicious links if they are sent via email. "You do not need to update your Domino's account details," it added.