| Recurring |
one_organization, multiple_organization |
a) The software failure incident related to a hack demanding a ransom from Domino's Pizza in France and Belgium by hackers calling themselves Rex Mundi is an example of a similar incident happening again within the same organization. This incident involved the theft of personal data of customers, including sensitive information like names, addresses, phone numbers, email addresses, passwords, and even favorite pizza toppings. The hackers demanded a ransom of €30,000 to not publish the stolen data [27441].
b) The article mentions that the hacker group Rex Mundi has a history of extorting money from global companies by stealing user data. In 2012, the group stole and published online loan-applicant details from a US payday loan company. Additionally, Belgian internet hosting company Alfa Hosting also suffered a break-in by Rex Mundi this year, leading to the publication of customer names online. This indicates that similar incidents have happened at multiple organizations targeted by the same hacker group [27441]. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase can be seen in the article where it mentions that the hacker group Rex Mundi stole personal data from Domino's Pizza after a hack. The hackers were able to access and steal customers' full names, addresses, phone numbers, email addresses, passwords, delivery instructions, and even favorite pizza toppings. Domino's France admitted that despite using an encryption system for data, they suffered a hack by seasoned professionals, indicating a potential flaw in the design or implementation of their security measures [27441].
(b) The software failure incident related to the operation phase can be observed in the article where it discusses the breach at Domino's Pizza. The breach occurred due to illegal access by hackers, leading to the theft of personal information of customers. The incident highlights the importance of securing customer data and the potential consequences of inadequate security measures during the operation of the online platform [27441]. |
| Boundary (Internal/External) |
within_system |
(a) The software failure incident related to the Domino's Pizza hack can be categorized as within_system. The incident was caused by hackers breaking into Domino's Pizza's system and stealing personal data of over 600,000 customers from France and Belgium [27441]. The hackers were able to access and steal customers' full names, addresses, phone numbers, email addresses, passwords, delivery instructions, and even favorite pizza toppings. Domino's France acknowledged the breach and mentioned that although they use an encryption system for data, the hackers were able to decode it, indicating a vulnerability within their system [27441]. Additionally, the hackers demanded a ransom from Domino's Pizza in exchange for not publishing the stolen data, further highlighting the breach originating from within the system. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurring due to non-human actions:
- The software failure incident in this case was caused by hackers who stole personal data from Domino's Pizza, affecting over 600,000 customers in France and Belgium [27441].
- The hackers, known as Rex Mundi, demanded a ransom of €30,000 to not publish the stolen data [27441].
- The stolen data included customers' personal information such as names, addresses, phone numbers, email addresses, passwords, delivery instructions, and favorite pizza toppings [27441].
- Domino's Pizza acknowledged the hack and mentioned that the encryption system for data was compromised by seasoned professionals, indicating a breach by external non-human actors [27441].
(b) The software failure incident occurring due to human actions:
- Domino's Pizza did not pay the ransom demanded by the hackers, indicating a decision made by the company's management [27441].
- The incident highlighted the importance of securing customer data and the potential consequences of inadequate security measures [27441].
- The article mentions that the passwords in the stolen data appeared to be in plain text, raising concerns about how Domino's Pizza stored sensitive information, which could be attributed to human error in handling data security [27441]. |
| Dimension (Hardware/Software) |
software |
(a) The articles do not provide information about a software failure incident occurring due to contributing factors originating in hardware.
(b) The software failure incident reported in the articles is related to a hack where hackers demanded a ransom from Domino's Pizza after stealing personal data of customers in France and Belgium. The hack resulted in the theft of personal information such as names, addresses, phone numbers, email addresses, passwords, delivery instructions, and favorite pizza toppings [27441]. The hackers claimed to have breached Domino's encryption system and threatened to publish the stolen data if a ransom of €30,000 was not paid [27441]. The incident highlights the importance of securing customer data and the risks associated with cyber blackmail and extortion in the digital age. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident reported in the articles is malicious in nature. Hackers, identified as Rex Mundi, demanded a ransom of €30,000 from Domino's Pizza after stealing personal data on more than 600,000 of its French and Belgian customers [27441]. The hackers stole customers' personal information, including names, addresses, phone numbers, email addresses, passwords, delivery instructions, and favorite pizza toppings. They threatened to publish the stolen data if the ransom was not paid, indicating a clear intent to harm the system and extort money from the company. The incident involved a deliberate hack by seasoned professionals, demonstrating malicious intent [27441].
(b) The software failure incident is non-malicious in terms of the contributing factors introduced without intent to harm the system. The incident did not involve a system failure caused by unintentional errors, bugs, or faults within the software itself. Instead, it was a targeted hack by external malicious actors seeking to exploit vulnerabilities in the system for financial gain [27441]. The breach was a result of a deliberate cyberattack aimed at stealing sensitive customer data and extorting money from the company, rather than a non-malicious software failure caused by accidental coding mistakes or technical issues. |
| Intent (Poor/Accidental Decisions) |
unknown |
(a) The intent of the software failure incident:
- The incident involving Domino's Pizza being hacked and customer data stolen was not due to poor decisions made by the company but rather a deliberate act by hackers. The hackers demanded a ransom from Domino's Pizza in exchange for not publishing the stolen data [27441].
- The hackers, known as Rex Mundi, intentionally targeted Domino's Pizza to extort money by stealing customer data and demanding a ransom [27441].
- The hackers threatened to publish the stolen data if their ransom demand was not met, indicating a deliberate and malicious intent behind the software failure incident [27441]. |
| Capability (Incompetence/Accidental) |
development_incompetence, unknown |
(a) The software failure incident related to development incompetence is evident in the article as hackers were able to breach Domino's Pizza's system and steal personal data from over 600,000 customers in France and Belgium. The hackers, identified as Rex Mundi, claimed to be seasoned professionals who could decode the encryption system used by Domino's Pizza, indicating a level of professional competence in hacking [27441].
(b) The accidental aspect of the software failure incident is not explicitly mentioned in the provided article. |
| Duration |
temporary |
The software failure incident reported in the articles is temporary. The incident involved hackers demanding a ransom from Domino's Pizza after stealing personal data of customers in France and Belgium [27441]. The breach was acknowledged by Domino's France, and the hackers threatened to publish the stolen data if the ransom was not paid. This incident was a result of external factors (hackers) compromising the security of the system, leading to a temporary failure in the form of data theft. |
| Behaviour |
other |
(a) crash: The incident reported in the news articles does not involve a crash where the system loses state and does not perform any of its intended functions. The failure is related to a data breach and extortion attempt by hackers, rather than a system crash [27441].
(b) omission: The incident does not involve a failure due to the system omitting to perform its intended functions at an instance(s). Instead, the failure is related to a data breach and theft of personal data by hackers [27441].
(c) timing: The failure is not related to the system performing its intended functions correctly but too late or too early. The incident is primarily about a data breach and extortion attempt, not a timing issue [27441].
(d) value: The failure is not due to the system performing its intended functions incorrectly. The main issue in this incident is the theft of personal data and the extortion attempt by hackers, rather than the system malfunctioning in terms of value [27441].
(e) byzantine: The incident does not involve the system behaving erroneously with inconsistent responses and interactions. The failure is related to a data breach and extortion attempt by hackers, rather than a situation of inconsistent responses or interactions within the system [27441].
(f) other: The behavior of the software failure incident in this case is related to a security breach and extortion attempt by hackers. The failure is characterized by unauthorized access to personal data, theft of information, and a demand for ransom, which falls under the category of a security incident rather than a typical software failure [27441]. |