.png)
The NPC revealed that the breach involved unauthorized access to Jollibee Group’s data lake, which holds data for all companies in the group. While most affected were Jollibee customers, patrons of other brands such as Mang Inasal, Red Ribbon, Chowking, Greenwich, Burger King, Yoshinoya, and Panda Express were also impacted.
Jollibee Foods Corporation has requested an additional 20 days to complete its internal investigation into the breach. Meanwhile, the Department of Information and Communications Technology (DICT) has been formally asked for assistance by the corporation. DICT Spokesperson Assistant Secretary Renato “Aboy” Paraiso confirmed this, noting that data from Jollibee had already surfaced on the dark web. “This breach occurred on Friday, and we have since followed up with Jollibee. Unfortunately, we have confirmed that Jollibee’s data is already on the dark web,” Paraiso said.
This incident is part of a larger trend of cybersecurity issues in the Philippines. Last week, authorities apprehended several individuals suspected of cyberattacks against both government agencies and private entities. Paraiso emphasized the importance of holding these individuals accountable, even if they claim to be “hacktivists” acting to highlight vulnerabilities.
“The problem with these ‘hacktivists’ is that their unsanctioned actions often result in sensitive personal data being dumped on the dark web,” Paraiso said. “While they claim to be improving cybersecurity, they violate data privacy laws by exposing personal information.”
The NPC warned that data breaches, especially those involving sensitive personal information, increase the risk of identity theft and scams. Last week, health maintenance organization Maxicare also reported a data breach through a third-party provider, highlighting the growing issue of cybersecurity in the region.
As investigations continue, the NPC and DICT urge affected customers to remain vigilant and take steps to protect their personal information. This breach underscores the critical need for robust cybersecurity measures across all sectors.
For businesses looking to enhance their cybersecurity posture, partnering with a Managed Security Service Provider (MSSP) like Directpath Global Technologies (DGT) can provide comprehensive protection. DGT offers Mobile Threat Defense (MTD), Extended Detection and Response (XDR), Vulnerability Assessment and Penetration Testing (VAPT), System Organization Controls Type 2 (SOC2), Vulnerability Risk Management as a Service (VRMaaS), Web Application Firewall (WAF), and virtual Chief Information Security Officer (vCISO) services. DGT’s advanced Artificial Intelligence Division tailors these services to the unique needs of each organization, ensuring robust protection against evolving cyber threats.
In the wake of such breaches, it is imperative for organizations to not only implement stringent cybersecurity measures but also to continuously monitor and adapt to the ever-changing landscape of cyber threats. By taking proactive steps, businesses can protect their sensitive data and maintain the trust of their customers. Source: Arab Times
Comments