Jollibee probes alleged data breach affecting 32 million customers

MANILA, Philippines  — Fast-food giant Jollibee Foods Corp. is investigating an alleged data breach involving its delivery service system, adding to a growing list of companies being targeted by hackers.

In a statement sent to the Inquirer on Saturday morning, Jollibee said it was addressing “a cybersecurity incident” that reportedly affected the company, “in addition to other companies.”

“We take this matter seriously and have launched an investigation to better understand the scope of the incident,” Jollibee said.

“We have implemented response protocols in addition to enhanced security measures to further protect data against threats,” it added.

E-commerce platform unaffected

The company clarified, however, that its e-commerce platforms were unaffected and remained operational.

Jollibee issued the statement in response to cybersecurity advocacy group Deep Web Konek’s social media post regarding an alleged data breach involving the company owned by tycoon Tony Tan Caktiong.

The group cited a post made by a certain “Sp1d3r,” which claimed to possess the personal data of 32 million customers. The user appeared to be offering the data for sale in an online discussion board.

“The compromised data includes sensitive customer information such as names, addresses, phone numbers, and email addresses,” Deep Web Konek claimed. “Additionally, extensive records of food delivery orders, sales transactions, and service details have been exposed.”

In a separate post, the group also claimed that the breach involved “several sensitive information” related to Jollibee’s other restaurants, such as Chowking and Mang Inasal.

Rising cyberattacks

Jollibee, which had 6,886 stores—including other brands it owns—worldwide as of end-March, did not confirm Deep Web Konek’s posts. The company has yet to release its report.

READ: Records of 13,000 Maxicare members exposed in latest data breach

“We are working closely with relevant authorities and experts,” Jollibee said. “Please be assured that we are continuously fortifying our defenses against future threats and remain committed to our priority of safeguarding customer data.”

The homegrown company is just one of many firms that have recently been targeted by hackers.

Insurance and healthcare plan provider Maxicare Healthcare Corp. last week confirmed a breach of their data records.

Earlier this month, the National Privacy Commission also confirmed that automotive giant Toyota Motor Corp. and developer Robinsons Land Corp. were hit by a data breach.