Jollibee Foods Corp. may have been one of the 163 companies attacked by an extortion-related hacking incident worldwide, according to Rainier Milanes, chief, Compliance and Monitoring Division of the National Privacy Commission (NPC).
Milanes told the Bagong Pilipinas Ngayon news program on PTV-4 Jollibee Group may have been victimized by the string of ransomware activities launched by an international group on a cloud computing service provider which serves the 163 companies, including including Jollibee.
Milanes said Joliibee Group is the only Filipino company identified so far but the attack has affected 50 companies in the US.
Milanes did not rule out the possibility of the incident being an inside job.
He said the unauthorized access to Jollibee’s data lake may have compromised not just personal data of customers but also of employees and of the company itself.
He warned the data could be used by scammers for fraud and identity theft or in spreading text scams and phishing.
Milanes said Jollibee is determining the extent of the breach and has sought 20 days from June 22 to identify and notify the data subjects and to conduct an internal investigation.
He said the NPC is doing a parallel investigation and monitoring.
Milanes advised companies storing massive data to beef up their cybersecurity as a data breach such as what happened to Jollibee could cause damage to their reputation.