Jollibee Foods Corporation released a statement on Saturday, June 22, admitting to taking action against a cybersecurity incident that allegedly threatened its database of customer data.
During the week, Jollibee Group has been included in two major data breach events claimed by threat actors online through hacking forums – the exploit of Maxicare Healthcare Corporation’s third-party booking service Lab@Home, and with its own food delivery platform.
With the breach involving Maxicare, Jollibee is one of more than 1,000 large-scale companies whose data, specifically employee lab test results with personal identifiable information (PII), were illegally obtained via web scraping method of attack.
Meanwhile, the exploit on the Jollibee Food Delivery platform involves the data theft of 32 million customers with PII, and 600 million rows of data that contains details on food delivery, sales orders, transactions, customers, and service now.
With the latest data breach incident, the hacker who goes by the handle ‘Sp1d3r,’ is selling this big chunk of data for $40,000.
As Jollibee Group’s own investigation continues, it assured customers that its “e-commerce platforms are unaffected and remain operational.”
“Parallel to these efforts, we are working closely with relevant authorities and experts. Please be assured that we are continuously fortifying our defenses against future threats and remain committed to our priority of safeguarding customer data,” Jollibee Group said in a statement.
This hacking incident adds to a string of major data breaches this month of enterprises based in the Philippines which includes Toyota Motor Philippines, Jollibee Food Corporation, Maxicare Healthcare Corporation, and Robinsons Malls.