24/06/2024
24/06/2024
MANILA, Philippines, June 23: The Jollibee Group has suffered a data breach affecting 11 million customers across its various brands, the National Privacy Commission (NPC) announced in a release on Monday. The breach, which was reported to the NPC on Saturday, compromised sensitive personal information including customers' dates of birth and Senior Citizen ID numbers.
The NPC stated that the breach involved "unauthorized access to [Jollibee Group's] data lake, which holds data for all companies in the group." While most affected were Jollibee customers, patrons of other brands such as Mang Inasal, Red Ribbon, Chowking, Greenwich, Burger King, Yoshinoya, and Panda Express were also impacted.
Jollibee Foods Corporation has requested an additional 20 days to complete its internal investigation into the breach. Meanwhile, the Department of Information and Communications Technology (DICT) has been formally asked for assistance by the corporation. DICT Spokesperson Assistant Secretary Renato "Aboy" Paraiso confirmed this, noting that data from Jollibee had already surfaced on the dark web.
"This breach occurred on Friday, and we have since followed up with Jollibee. Unfortunately, we have confirmed that Jollibee's data is already on the dark web," Paraiso said.
This incident is part of a larger trend of cybersecurity issues in the Philippines. Last week, authorities apprehended several individuals suspected of cyberattacks against both government agencies and private entities. Paraiso emphasized the importance of holding these individuals accountable, even if they claim to be "hacktivists" acting to highlight vulnerabilities.
"The problem with these 'hacktivists' is that their unsanctioned actions often result in sensitive personal data being dumped on the dark web," Paraiso said. "While they claim to be improving cybersecurity, they violate data privacy laws by exposing personal information."
The NPC warned that data breaches, especially those involving sensitive personal information, increase the risk of identity theft and scams. Last week, health maintenance organization Maxicare also reported a data breach through a third-party provider, highlighting the growing issue of cybersecurity in the region.
As investigations continue, the NPC and DICT urge affected customers to remain vigilant and take steps to protect their personal information.