Stay on this page and when the timer ends, click 'Continue' to proceed.

Continue in 17 seconds

Jollibee investigates alleged data leak of customer delivery records

Jollibee investigates alleged data leak of customer delivery records

Source: Rappler

MANILA, Philippines - Jollibee Food Corporation (JFC) is probing a possible data breach that had allegedly exposed the delivery records of 32 million customers.

"We are addressing a cybersecurity incident recently reported to affect our company, in addition to other companies," the Jollibee Group said in its official statement sent to Rappler on Saturday, June 22.

"We take this matter seriously and have launched an investigation to better understand the scope of the incident."

The fast-food giant also said that it was implementing "response protocols" and "enhanced security measures" to protect its data, as well as engaging authorities and experts.

"Our e-commerce platforms are unaffected and remain operational. Please be assured that we are continuously fortifying our defenses against future threats and remain committed to our priority of safeguarding customer data," the statement added.

The alleged data breach was first reported by Deep Web Konek on Thursday, June 20. The cybersecurity advocacy group said it had detected an "alleged Jollibee Delivery data leak up for sale on the forums for $40K, consisting of 32 million customer records and 650 million records of transactions, sales orders, customer information, food delivery, and service data."

The group also posted a screenshot of the forum post allegedly advertising the sale of the delivery dataset.

On Friday, June 21, the same group said that the data breach also involved "sensitive information" of other companies in the Jollibee Group, such as Chowking and Mang Inasal. Deep Web Konek also posted a screenshot that appeared to show the information of a Mang Inasal employee.

Other brands under JFC include Greenwich, Red Ribbon, Burger King Philippines, and Highlands Coffee. There have been no reports yet about their data being part of the leak.

This is not the first time that JFC has faced controversy over its cybersecurity. In December 2017, JFC reported a data breach involving the customer database of Jollibee's delivery website. Months later, in May 2018, the National Privacy Commission (NPC) suspended Jollibee's delivery website due to "serious vulnerabilities." JFC also took down the delivery websites of its other brands.

At that time, the NPC warned that the data of 18 million customers were at "a very high risk" of being exposed. So far, the NPC has not commented on JFC's latest reported data breach.

Aside from the fast-food giant, other major businesses have recently suffered massive data breaches. The NPC confirmed reports of data breaches for Toyota and Robinsons Malls on June 6. Weeks later, on June 18, the NPC also confirmed that it had received a data breach notification report for Maxicare Healthcare Corporation. - Rappler.com

Could not load content