Jollibee falls prey to data breach

The country’s most successful chain of restaurants, Jollibee Foods Corporation, and its chain of restaurant subsidiaries were the latest victim of a data breach, affecting 11 million data subjects, the National Privacy Commission confirmed on Monday.

“On 22 June, Saturday at 11:38 a.m., the NPC received notification from Jollibee Group of possible unauthorized access to its data lake, which holds data for all companies in the group,” the NPC statement said.

According to the NPC, the compromised data include sensitive personal information, particularly dates of birth and senior ID numbers.

“Approximately 11 million data subjects are affected, the majority of whom are Jollibee customers. Other impacted brands include Mang Inasal, Red Ribbon, Chowking, Greenwich, Burger King, Yoshinoya, and Panda Express,” it said.

Further, Jollibee Foods Corporation has requested an additional 20 days to complete its internal investigation.

On Saturday, Jollibee said it was addressing “a cybersecurity incident” that reportedly affected the company, “in addition to other companies.”

“We take this matter seriously and have launched an investigation to better understand the scope of the incident. We have implemented response protocols in addition to enhanced security measures to further protect data against threats,” it added.