Jollibee Data Breach

Jollibee, a popular Filipino fast food business, has suffered a huge data breach, which could compromise the personal information of millions of Jollibee Group consumers. 

The National Privacy Commission of the Philippines (NPC) announced the breach on Monday, June 24th, 2024, indicating that sensitive information, such as dates of birth and senior citizen ID numbers, may have been accessed by unauthorized individuals.

What Type of Data is Affected By the Breach?

According to Rainier Anthony Milanes, chief of the NPC's compliance and monitoring branch, the breach affected JFC's "data lake," which contained the personal information of customers from all of the Jollibee Group's restaurants.

"When you say 'data lake,' that refers to all types of data. "It could be structured or unstructured (data)," he said in a chat interview yesterday.

Roren Marie Chin, chief of the NPC's Public Information and Assistance Division, told reporters that:

"Sensitive personal information, such as dates of birth and senior identification numbers, has been compromised. "Approximately 11 million data subjects are affected, the majority of whom are Jollibee customers." 

"Other impacted brands include Mang Inasal, Red Ribbon, Chowking, Greenwich, Burger King, Yoshinoya, and Panda Express," according to the report.

The breach has affected sensitive personal information, including customers' dates of birth and senior citizen ID numbers, the NPC said.

Full story: https://t.co/Dfr0mY4VQR pic.twitter.com/9iTBOqsx2m

— ABS-CBN News (@ABSCBNNews) June 24, 2024

What Kind of Threat Was Involved in the Breach?

Jollibee told Bloomberg:

"We take this matter seriously and have launched an investigation to better understand the scope of the incident.”

 "We have implemented response protocols in addition to enhanced security measures to further protect data against threats," according to the announcement.

The Inquirer states that the incident was limited to the company's distribution system. According to reports, its e-commerce sites are unaffected and continue to operate.

Sp1d3r is a threat actor who has gained a lot of attention in recent weeks, primarily because of the Snowflake breach. Sp1d3r has already been revealed by TechRadar Pro to have sold sensitive data from Advance Auto Parts for $1.5 million, cybersecurity firm Cylance for $750,000, and Truist Bank for $1 million. 

NatSit: The National Privacy Commission, in a press release, reported that the Jollibee Foods Corporation (JFC) is investigating a suspected data breach concerning sensitive information of over 11 million customers such as senior citizen numbers and birth dates. pic.twitter.com/NJ6cFgcZte

— The LaSallian (@TheLaSallian) June 25, 2024

Jollibee’s Statement Regarding the Breach

JFC verified that the cyberattack did not affect its e-commerce platforms or those of its subsidiaries.

"JFC acknowledges the significance and relevance of protecting its stakeholders' personal information. 

The company informs the public that it is committed to prioritizing the protection and confidentiality of such personal information, including customer data, by constantly strengthening its defenses against future threats," the company stated.

Thomas Richards Principal Security Consultant at Synopsys Software Integrity Group, said:

"Data breaches have become all too regular in recent weeks. Fortunately, in this situation, only customer emails were compromised, not personal information. 

While the addresses may already be known publicly, this would allow an attacker to develop tailored phishing campaigns regarding this brand to induce the targets to complete an action such as resetting a password on a malicious landing page that resembles the official one. 

Customers should be wary of emails requiring immediate action, as this is a warning indicator of an attack." 

Tighten Your Security While Using Online Platforms!

Stay updated by reviewing official Jollibee or NPC announcements. Be wary of phishing efforts relating to the data leak.

If you are a Maxicare member, they request that you be vigilant and report any unusual activity on your account. You can also reach Maxicare directly for further information.

It is critical to remain cautious against any phishing efforts related to major data breaches. Do not click on strange links or disclose personal information until you are certain of their origin.

Get PurePrivacy to stay away from potential data breaches!