A data breach that may have compromised the contact information of thousands of customers hit S&R Membership Shopping last Nov. 14, but the upscale retailer informed the public through an advisory only on Wednesday, or more than a week after the incident.
A data breach exposes confidential, sensitive or protected information to unauthorized persons, usually scammers who use them in their cybercrime activities.
The National Privacy Commission (NPC) told reporters on Wednesday that it was notified by S&R about the breach on Nov. 15 and said about 22,000 customers were affected. The NPC refused to provide other information to reporters.
The void in information from both the NPC and S&R since the breach was filled by viral Facebook posts made by social media influencer and convicted scammer Christian “Xian” Gaza, who was slapped by a Malabon court with a five-year jail sentence in 2018 after being found guilty of violating the Bouncing Check Law.
The NPC declined to comment on Gaza’s claims, which included a multimillion-dollar blackmail reportedly made by a “ransomware” hacker group against S&R.Advisory
Under NPC rules, S&R had to inform the affected shoppers about the breach within 72 hours of discovering the incident. Even with just a reason to believe that there might have been a breach, the owners of the data would still have to be informed.
The S&R public advisory was dated Nov. 21 and was posted on S&R’s official Facebook page on Nov. 24.
“We would like to inform you that S&R recently became the target of a cyber-attack. Our team acted immediately and decisively to implement our cybersecurity protocols that enabled us to resume our system operations,” it said.
“Limited membership data, which are confined to contact information, may have been compromised. However, all our members’ credit card and other financial information are safe and secured, as these data are protected by encryption measures as required by regulation,” the advisory continued.
The 22 S&R Membership warehouse clubs and 45 S&R New York Style Pizza stores have been part of the Puregold group since 2012.