Spammers grab slice of Domino's customers' personal information
Pizza company Domino's says some of its customers' information may have been stolen and has set up an 0800 number for people who have concerns.
The stolen information included email addresses and Domino's said a number of customers had received spam, but it said customers' passwords and credit card details were safe.
It was investigating "a potential issue with a former supplier's systems", it said.
That may have led to email addresses and details of the stores that customers had ordered from being stolen. But tests showed its own systems were secure and customers' passwords and credit card details had not been compromised, it said.
The admission came after customers reported receiving suspicious emails from a "Sarah" asking them to confirm the suburb in which they lived.
Luke Chandler, from Christchurch, said he recalled ordering pizzas using the name "Professor Chandler" for laughs from Domino's Mount Maunganui store last year.
Sure enough, he received an email addressed to Professor Chandler asking if he was from Mount Maunganui.
Dozens of customers have reported similar experiences online.
After complaining to Domino's, Chandler was told via Facebook private message that the company valued his privacy and data security.
He was told to "rest assured our IT and information security teams are now hard at work resolving this issue".
Domino's apologised and said it would work closely with "relevant privacy authorities" in New Zealand "to prevent this from happening again".
Spokeswoman Tracy Llewellyn confirmed the company had been in touch with the Privacy Commissioner about the incident.
Concerned customers could call Domino's on a helpline (0800 29 20 00) it had established to provide more information, the company said in a statement.
Domino's said there was no need for customers to change their passwords but advised them not click on links in the spam emails they received.
It stopped working with the supplier it was investigating in July, it said.
Domino's Pizza Enterprises owns the Domino's franchise in New Zealand, Australia, France, Belgium, Holland and Japan and is valued at more than A$4 billion (NZ$4.4b) on the Australian stock market.
Reuters reported in 2014 that hackers had stolen data on more than 600,000 Domino's customers in Belgium and France and that an anonymous Twitter user had then threatened to publish the data unless they received a cash ransom.
Businesses are not obliged to notify the Privacy Commissioner of data breaches, although a law change has been in the wings for several years that would make that mandatory in some circumstances.
The law change would bring New Zealand into line with rules that apply in most OECD countries.
The office publishes advice to consumers who are worried their data may have been compromised.