NPC: Jollibee Group data breach may be part of ransomware attacks on 165 companies
The recent data breach that hit Jollibee Foods Corp. (JFC) may be connected to a string of ransomware activities targeting companies globally, the National Privacy Commission (NPC) said Wednesday.
NPC Compliance and Monitoring Division chief Rainier Anthony Millanes said at least 165 companies worldwide were affected by the attacks, wherein cyber criminals gained unauthorized access and compromised their data lake.
A data lake is a collection of structured and unstructured data, which may contain personal and sensitive data as well as employee data and other information a company is using for its operations.
“This may be connected to a string of extortion activities. This is the demanding of money in exchange for data, or the ransomware extortion activities happening now around the world,” Millanes said in a public briefing.
“They use exactly the same thing… the cloud database they use is from the same provider. This specific provider of Jollibee is also involved in a string of data breaches worldwide,” he added.
Last week, the NPC said some 11 million data subjects of JFC were affected by a possible unauthorized access to its data, compromising sensitive personal information such as dates of birth and senior identification numbers.
JFC earlier said it is looking into the matter and has requested an additional 20 days to complete its internal investigation.
The company earlier said it has implemented response protocols in addition to enhanced security measures, and assured that its e-commerce platforms have not been affected and will remain operational.
Asked if the attack could be an inside job, Millanes said the NPC is not discounting the possibility: “We are not ruling out an inside job. We have a Complaints and Investigation Division; they are the ones investigating… to trace who carried out this data breach.”
“The one hiding behind the name ‘Spider’,” he added.
Alias ‘Spider’ is an alleged cybercriminal who leaked the data breach to a dark web site, according to Millanes. He may be a member of an international group of hackers.
NPC reminds public to remain vigilant
The NPC said JFC is obliged to inform and notify affected customers after their probe. The company is also mandated to assist victims in strengthening and protecting their data.
The commission also warned the public against the possible proliferation of phishing and text scams following the data breach and reminded the public to remain vigilant and to report phishing or scam emails.
“I am now advising all companies with big data processing like Jollibee to beef up. Improve your cybersecurity,” said Millanes.
“Let’s not allow you to become victims of this too. This will definitely cause damage to the reputation of your organization, among others,” he said.
—RF, GMA Integrated News