MUMBAI, India — Thirty-three-year-old media professional Mithun Mohandas first came to know about the Domino’s India data breach in mid-April when rumors were going around on the internet.

On April 19, ethical hacker Rajshekhar Rajaharia tweeted about the data breach of 200 million orders made via Domino’s India . On May 21, Rajaharia tweeted a screenshot of a webpage from the dark web, a part of the internet that can’t be indexed by regular search sites, which had a search module to look up Dominos user details.

Mohandas then searched for the link that would let him access the dark web page that Rajaharia had tweeted.

“After having gone through my ‘very public’ order history on the dark web, I now know that my orders from Dominos are about 2.5-3 months apart,” Mohandas told Zenger News.

“The latest order was on November 17, 2020, at 4:53 pm, and details about the same were also found in the leak.” At no point did Mohandas receive any notification from Domino’s India about the breach.

Domino’s India is the latest entity to have become a data breach victim. Other high-profile cases include the data breach of 110 million users of MobiKwik , an online wallet company; 20 million users of e-grocery major BigBasket; debit and credit card details of 35 million users of fintech firm JusPay.

In case of a data breach, the Indian cybersecurity watchdog Computer Emergency Response Team (CERT-In) must be notified.

In the case of MobiKwik, Rajaharia, who had brought the data breach to users’ attention, told Zenger News that he had shared every detail with CERT-In. He did the same with Domino’s India breach as well. But he is yet to receive any response.

Hyderabad-based independent researcher Srinivas Kodali told Zenger News that the Free Software Movement of India, a coalition of organizations promoting free and open-source software, has regularly sent letters to CERT-In but to no avail.

“There has been no response from CERT-In,” said Kodali. “Outreach-wise, CERT-In is doing a terrible job. One needs to look at their Twitter account.”