Jollibee ordered to suspend online delivery system over privacy concern | Inquirer Business

Jollibee ordered to suspend online delivery system over privacy concern

NPC: PRIVACY OF 18M PEOPLE IN FASTFOOD CHAIN’S DATABASE IN HIGH RISK
08:27 PM May 08, 2018

The data of 18 million people in the online delivery database of popular fast food chain Jollibee Foods Corp. (JFC) are in “high risk” of being exposed to harm due to vulnerabilities in the system although its database has not been breached, the National Privacy Commission (NPC) said.

In an order posted online on Tuesday evening, the NPC ordered Jollibee to suspend operations of its online delivery system until the site’s vulnerabilities are addressed.

Article continues after this advertisement

When asked about the kind of personal information accessed, Francis Euston Acero, head of NPC’s Complaints and Investigations Division (CID), said the government is not revealing this yet.

FEATURED STORIES

Still, Acero said it is similar to the case of Wendy’s Philippines, another fast food chain that faced a similar privacy concern.

The main difference is that Wendy’s database had been breached while JFC only has the potential to be hacked given their system’s vulnerabilities.

Article continues after this advertisement

“We withheld that information deliberately because giving that information would give potential attackers avenues in,” Acero said in a phone interview with the Inquirer.

Article continues after this advertisement

The risk was first discovered in December last year, when an uncontracted cybersecurity firm noted a “security gap” in the online delivery system.

Article continues after this advertisement

“While their group was able to exploit the vulnerabilities, their firm insisted that they did not scrape or exfiltrate any data, because they merely demonstrated their ability to access the data in Jollibee’s database if they so desired,” the NPC order read.

In February this year, NPC said that the site remains to be vulnerable, that even those “with little to moderate technical knowledge and skill” could access personal information of Jollibee patrons through the website.

“Considering that smaller systems with more robust security measures have been exposed, there is a very high risk that approximately 18 million people currently on the database will be exposed to harm,” NPC said./vvp

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

TAGS: breaking, cyber-hacking, cybersecurity, jollibee, Jollibee Foods Corporation, National Privacy Commission, Philippine latest news

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.