Turns out the pizza company keeps a lot more than just your email address and suburb. And you know who else might know about my evening snacking habits? Hackers. Based on what is currently "known" to Domino's, it "believes" that only a "small part" of the total information it stores about customers was "accessed" by hackers. For the first time, Domino's has revealed that store names you ordered from, customer order names (if provided), and customer email addresses for orders were accessed as part of the breach that Fairfax Media first reported on in October, when Domino's revealed it had been subjected to a breach that resulted in customers receiving spam emails. The key word is "accessed", a term used by many companies that have been breached by hackers to hide the fact that they may have also "exposed" other information to hackers that was not "downloaded" (as far as they know).

As someone recently pointed out to me, that's like saying, 'We left a binder of your personal information on the footpath and no one photocopied it. That we know of'. Whether or not further data was exposed — such as your midnight snack order list, home address, mobile number, and more — is yet to be known. However, personal data released to Fairfax Media under Australian privacy laws shows that Domino's stores and retains for several years a whole host of information about you beyond your email, name, and the store address you ordered from. It turns out Domino's also stores your mobile number, payment method (credit card versus cash), IP address, email address, name, order date, order address, delivery instructions, delivery type (pickup versus delivery), the products you ordered and their price, the vouchers you used, and any feedback you left.

In an email to this author on Monday, after several automated email responses, Domino's finally came clean about what data it believed had been stolen, as well as the data it has stored about its customers. "Please find enclosed an Excel spreadsheet containing a customer data summary relating to your email address, as requested, and in accordance with our obligations under the Privacy Act 1988," Domino's privacy officer wrote on Monday after this author threatened to take Domino's to the Australian privacy commissioner. "The spreadsheet … contains the information that we hold about you and does not represent the information that may be subject to the spam incident. We currently believe that only a small part of the total information was accessed, being order name, store name and order email address," the privacy officer said. "This is the type of information that is contained in an online rating system managed by a former supplier which suggests this may have been the source of the information. We are continuing to investigate this."

The privacy officer further added that Domino's and Silvio's Dial-A-Pizza Pty Ltd (the operator of its Pizza Mogul platform) "collect, hold and use information in accordance with law". Pizza Mogul is Domino's online platform that lets you create your own custom pizzas and promote them via social media to "make easy money". "Please note that investigations into the unauthorised spam incident so far confirm the Domino's systems are secure and your payment information (we do not store your credit card) and passwords have not been accessed or compromised," Domino's said, before adding that "no account information or passwords have been accessed". According to Domino's, customers do not have to update their Domino's account passwords. "However, we recommend that you do not reply to any spam emails that you may receive or click on any links or attachments contained in the spam emails. We also recommend that you mark the emails as spam and ensure your software and anti-virus protection is up-to-date." So far people have only received annoying spam emails as part of the breach.