NPC confirms data of 11M Jollibee customers leaked
Inquirer file photo
MANILA, Philippines — Sensitive personal information of around 11 million people, including birth dates and senior identification numbers, in the records of fast food giant Jollibee Food Corp. has been compromised in one of the biggest customer data leaks in Philippine history, the government’s privacy watchdog said on Monday.
The National Privacy Commission (NPC) said the Jollibee group notified them on Saturday at 11:38 a.m. of a possible unauthorized access to the company’s data lake, the centralized repository of all the data of the firm’s business units.
READ: 3 suspected hackers caught, tech journalist implicated
“Sensitive personal information, including dates of birth and senior ID numbers, has been compromised. Approximately 11 million data subjects are affected, the majority of whom are Jollibee customers,” Roren Marie Chin, chief at the NPC’s Public Information and Assistance Division, said in a statement to reporters.
“Other impacted brands include Mang Inasal, Red Ribbon, Chowking, Greenwich, Burger King, Yoshinoya and Panda Express,” she added.
READ: Toyota PH, Robinsons Land hit by data breach
The NPC official said that Jollibee had requested an additional 20 days to complete its internal investigation.
Growing concern
During the weekend, the fast-food giant owned by tycoon Tony Tan Caktiong said it was already investigating the suspected data breach involving its delivery service system.
A cybersecurity advocacy group called Deep Web Konek made a social media post on Thursday last week, alleging a data breach that involves the personal data of 32 million customers.
READ: Records of 13,000 Maxicare members exposed in latest data breach
In the post, a user appeared to be offering the data for sale in an online discussion board.
Less than a week ago, two consumer rights groups raised concerns about the impact of the string of data breaches involving the records of tens of thousands of customers.
These include the data breaches at Maxicare Healthcare Corp., wherein 13,000 customer records were exposed, according to the company itself, and at Toyota Makati, wherein more than a terabyte of data spanning from 2016 to 2024 were compromised, according to Deep Web Konek.
Property developer Robinsons Land Corp. also suffered a data leak recently.
Malayang Konsyumer group said these recent data hacks placed consumers’ rights to privacy in severe jeopardy.
“The fact that the attackers are now able to breach the private consumer data of private corporations means the culprits are now acting with more sophisticated technology,” the groups’ spokesperson, lawyer Simoun Montelibano Salinas, warned.
Rights Action Philippines (RAP) group noted that data breaches have become a commonplace today, affecting both the public and private sector.
“These shows how weak the country is when it comes to safeguarding the security of our personal information,” RAP media relations officer Ferdie Ferido told the Inquirer in a statement.
He also criticized the lack of results in identifying the culprits behind these data breaches.
On Monday, Assistant Secretary Amanda Nograles of the Department of Trade and Industry’s consumer affairs and legal service group said they would accept consumer complaints affected by these data leaks.
She said affected consumers who had their data exposed need not prove that damage had been caused by the breach, noting that the leakage of their information itself was already a violation of the law.
