Domino’s customers get personalised spam from “Sarah” as former supplier implicated in potential leak

Domino’s Pizza fans have taken to Facebook to accuse the chain of a “pathetic” response to privacy concerns, after the chain admitted a potential issue with a former supplier’s systems may have led to unauthorised parties accessing customer information to send personalised spam emails.

Customers have complained of emails being sent to their personal inboxes from “Sarah”, asking whether they still live in particular suburbs, which match up with the location of Domino’s stores they have previously ordered from.

SmartCompany has seen copies of the emails, in which “Sarah” seeks to confirm the suburb of the customer and informs them the sending address is her new best contact.

In a statement provided to SmartCompany, Domino’s confirmed it has been working with an unnamed former supplier after discovering a potential issue with that supplier’s systems, which may have led to unauthorised access to customer’s names, emails and store suburbs related to pizza orders.

“Domino’s apologises to customers who may have received any unsolicited emails as a result of this unauthorised access through the former supplier and recommends customers do not engage or respond to these emails,” the company said.

The pizza chain said customers do not need to worry about updating their passwords or details, and says no financial information has been accessed.

Domino’s said it is taking steps to “prevent this from reoccurring”, and that the relationship with the third party supplier finished in July.

SmartCompany asked Domino’s for further clarification about what exact steps are being taken to prevent a similar situation from occurring in future but did not receive a response prior to publication.

The breach first came to light in New Zealand, where Stuff.co.nz reports a customer joined the dots between the emails he was getting and his Domino’s orders because the emails arrived with a name he only used as a joke when ordering pizza. Business Insider has also shared examples of the spam emails.

On Facebook this week, customers have urged the company to provide further details and questioned why Domino’s did not confirm the breach until after customers started to complain about the spam emails.

“Don’t give me the same copy and paste ‘send us your contact details’,” one customer asked, pointing out that the company’s knowledge of his contact details was the reason the spam emails were occurring.

Rebuilding trust takes time

Crisis communications expert Nicole Matejic says when businesses are hit with a situation that may have involved liability of a third party, making sure your business still takes responsibility is critical.

“It is really easy at that point to blame someone else, but you need to take accountability about what’s happened and rebuild trust,” she says.

In situations like data breaches where there could be a number of customers coming forward over a long period of time, it’s important to keep the conversation open, rather than shutting down, Matejic says.

“People don’t like dealing with conflict, so they tend to try and hide and hope the conflict goes away,” she says.

However, in a case like this one with Domino’s, it’s important that the business has a plan to “rebuild trust” over a longer period of time.

If the situation is likely to affect a big group of customers, rebuilding that trust is a one-on-one proposition, Matejic says.

“If it is a widescale thing, then give people a number they can call,” she says.

“Get a solid crisis plan for how you’re going to manage these things.”

Never miss a story: sign up to SmartCompany’s free daily newsletter and find our best stories on Twitter, Facebook, LinkedIn and Instagram.