Jollibee data breach could be linked to global extortion scheme

Jollibee data breach could be linked to global extortion scheme – NPC

By: - Reporter / @zacariansINQ
/ 10:01 PM June 26, 2024

Jollibee data breach could be linked to global extortion scheme – NPC

STOCK PHOTO

MANILA, Philippines — The National Privacy Commission (NPC) on Wednesday said the data breach involving Jollibee may be a part of a series of extortion activities happening globally.

According to NPC-Compliance and Monitoring Division (CMD) chief Rainier Millanes, around 165 companies in different countries were recorded to have been affected by such attacks in June 2024.

Article continues after this advertisement

READ: NPC confirms data of 11M Jollibee customers leaked

FEATURED STORIES

“Maaari pong connected po ito sa string of extortion activities – ito po iyong paghingi ng pera kapalit ng datos or ransomware extortion activities na nangyayari ngayon sa buong mundo. Hindi lang po Jollibee iyong tinamaan, pati po karamihan po ng mga kumpanya sa buong mundo ay tinamaan din po nitong ganitong klaseng pag-atake,” said Millanes in a Bagong Pilipinas Ngayon briefing.

(This may be connected to the string of extortion activities – asking for money in exchange for data or ransomware extortion activities – that is happening around the world today. Not only Jollibee was hit, most companies around the world were also hit by this type of attack.)

Article continues after this advertisement

While the investigation on the cyberattack is ongoing, Millanes said the data breach affected 11 million customers, including customers of Jollibee, Chowking, Greenwich, Red Ribbon, Mang Inasal, Burger King, Yoshinoya and Panda Express.

Article continues after this advertisement

When asked which specific information was compromised, Millanes explained that it was their data link.

Article continues after this advertisement

Data link, said the NPC official, refers to a collection of information which could include personal data or other information.

“Iyong extent po, inaalam pa po ng Jollibee sa ngayon at humingi po sila sa atin, allowed naman po iyan sa rules of procedure ng NPC, humingi po sila sa atin ng 20 days starting last Saturday – additional 20 days for them to be able to identify, personally identify and notify affected data subjects and also for them to conduct iyong kanilang internal investigation on the matter,” said Millanes.

Article continues after this advertisement

(Regarding the extent, Jollibee is still investigating this and they asked us for 20 days starting last Saturday, which is allowed in the rules of procedure of the NPC– additional 20 days for them to be able to identify, personally identify and notify affected data subjects and also for them to conduct their internal investigation on the matter.)

Millanes said the compromised data was leaked by a certain “Spider” in the dark web, but also said that the NPC is not yet discounting the possibility that the data breach could have been an inside job, pending an investigation.

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

TAGS: Hacking, Jollibee

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.