NPC confirms data of 11M Jollibee customers leaked
CONSUMERS’ PRIVACY COMPROMISED

NPC confirms data of 11M Jollibee customers leaked

NPC confirms data of 11M Jollibee customers leaked

Inquirer file photo

MANILA, Philippines — Sensitive personal information of around 11 million people, including birth dates and senior identification numbers, in the records of fast food giant Jollibee Food Corp. has been compromised in one of the biggest customer data leaks in Philippine history, the government’s privacy watchdog said on Monday.

The National Privacy Commission (NPC) said the Jollibee group notified them on Saturday at 11:38 a.m. of a possible unauthorized access to the company’s data lake, the centralized repository of all the data of the firm’s business units.

Article continues after this advertisement

READ: 3 suspected hackers caught, tech journalist implicated

FEATURED STORIES

“Sensitive personal information, including dates of birth and senior ID numbers, has been compromised. Approximately 11 million data subjects are affected, the majority of whom are Jollibee customers,” Roren Marie Chin, chief at the NPC’s Public Information and Assistance Division, said in a statement to reporters.

“Other impacted brands include Mang Inasal, Red Ribbon, Chowking, Greenwich, Burger King, Yoshinoya and Panda Express,” she added.

Article continues after this advertisement

READ: Toyota PH, Robinsons Land hit by data breach

Article continues after this advertisement

The NPC official said that Jollibee had requested an additional 20 days to complete its internal investigation.

Article continues after this advertisement

Growing concern

During the weekend, the fast-food giant owned by tycoon Tony Tan Caktiong said it was already investigating the suspected data breach involving its delivery service system.

A cybersecurity advocacy group called Deep Web Konek made a social media post on Thursday last week, alleging a data breach that involves the personal data of 32 million customers.

Article continues after this advertisement

READ: Records of 13,000 Maxicare members exposed in latest data breach

In the post, a user appeared to be offering the data for sale in an online discussion board.

Less than a week ago, two consumer rights groups raised concerns about the impact of the string of data breaches involving the records of tens of thousands of customers.

These include the data breaches at Maxicare Healthcare Corp., wherein 13,000 customer records were exposed, according to the company itself, and at Toyota Makati, wherein more than a terabyte of data spanning from 2016 to 2024 were compromised, according to Deep Web Konek.

Property developer Robinsons Land Corp. also suffered a data leak recently.

Malayang Konsyumer group said these recent data hacks placed consumers’ rights to privacy in severe jeopardy.

“The fact that the attackers are now able to breach the private consumer data of private corporations means the culprits are now acting with more sophisticated technology,” the groups’ spokesperson, lawyer Simoun Montelibano Salinas, warned.

Rights Action Philippines (RAP) group noted that data breaches have become a commonplace today, affecting both the public and private sector.

“These shows how weak the country is when it comes to safeguarding the security of our personal information,” RAP media relations officer Ferdie Ferido told the Inquirer in a statement.

He also criticized the lack of results in identifying the culprits behind these data breaches.

On Monday, Assistant Secretary Amanda Nograles of the Department of Trade and Industry’s consumer affairs and legal service group said they would accept consumer complaints affected by these data leaks.

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

She said affected consumers who had their data exposed need not prove that damage had been caused by the breach, noting that the leakage of their information itself was already a violation of the law.

TAGS: data leak, Jollibee Food Corporation, National Privacy Commission (NPC)

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.