NPC: Jollibee breach may be connected to worldwide string of data breaches involving 165 companies | ABS-CBN
ADVERTISEMENT
Welcome, Kapamilya! We use cookies to improve your browsing experience. Continuing to use this site means you agree to our use of cookies. Tell me more!
NPC: Jollibee breach may be connected to worldwide string of data breaches involving 165 companies
NPC: Jollibee breach may be connected to worldwide string of data breaches involving 165 companies
Fastfood giant Jollibee store at the Bonifacio Global City (BGC) in Taguig. July 4, 2017. Jonathan Cellona, ABS-CBN News/File
Fastfood giant Jollibee store at the Bonifacio Global City (BGC) in Taguig. July 4, 2017. Jonathan Cellona, ABS-CBN News/FileMANILA -- The recent Jollibee data breach affecting 11 million of its customers may be connected to the recent string of data breaches that have already affected around 165 companies worldwide, the National Privacy Commission said Wednesday.
MANILA -- The recent Jollibee data breach affecting 11 million of its customers may be connected to the recent string of data breaches that have already affected around 165 companies worldwide, the National Privacy Commission said Wednesday.
"Base sa ating pagsisiyasat, nakita natin na maari itong connected sa marami pong extortion activities na nangyayari sa buong mundo, specifically ngayong Hunyo," Atty. Rainier Anthony Millanes, Chief of the Compliance and Monitoring Division of the National Privacy Commission said in a televised interview.
"Base sa ating pagsisiyasat, nakita natin na maari itong connected sa marami pong extortion activities na nangyayari sa buong mundo, specifically ngayong Hunyo," Atty. Rainier Anthony Millanes, Chief of the Compliance and Monitoring Division of the National Privacy Commission said in a televised interview.
"Meron tayong nakita around 165 companies around the world ang inaatake," he added. "Ang similar na attack na nangyari sa Jollibee patungkol sa kanilang data lake, o yung data repository ng mga datos ng sensitibong impormasyon ng kanilang mga clients o customer pagdating sa kanilang mga client o customer."
"Meron tayong nakita around 165 companies around the world ang inaatake," he added. "Ang similar na attack na nangyari sa Jollibee patungkol sa kanilang data lake, o yung data repository ng mga datos ng sensitibong impormasyon ng kanilang mga clients o customer pagdating sa kanilang mga client o customer."
It is highly probable that an international syndicate may be behind the data breach to extort money from big companies around the world, said Millanes.
It is highly probable that an international syndicate may be behind the data breach to extort money from big companies around the world, said Millanes.
ADVERTISEMENT
"Parehong-pareho po ang nagamit na cloud computing service, o cloud database na ginagamit nila, parehong provider po ang nakita natin, and this specific provider ng Jollibee is also involved sa string ng data breach sa buong mundo," he explained.
"Parehong-pareho po ang nagamit na cloud computing service, o cloud database na ginagamit nila, parehong provider po ang nakita natin, and this specific provider ng Jollibee is also involved sa string ng data breach sa buong mundo," he explained.
The Jollibee Foods Corporation earlier asked the NPC for 20 days to conduct its own internal investigation, and to notify their customers affected by the breach.
The Jollibee Foods Corporation earlier asked the NPC for 20 days to conduct its own internal investigation, and to notify their customers affected by the breach.
The NPC earlier said that customers of other fast food chains including Chowking, Greenwich, Red Ribbon, Mang Inasal, Yoshinoya, and Panda Express were also affected.
The NPC earlier said that customers of other fast food chains including Chowking, Greenwich, Red Ribbon, Mang Inasal, Yoshinoya, and Panda Express were also affected.
Aside from customers' data, Millanes says there is a possibility that hackers have also gained access to other information from Jollibee as well.
Aside from customers' data, Millanes says there is a possibility that hackers have also gained access to other information from Jollibee as well.
"Kapag sinabing data lake, koleksyon po yan ng structured or unstructured na data, so maari pong hindi lang personal data kundi pati mga datos ng mga empleyado ng Jollibee kasama dyan, pati yung mga datos ng Jollibee na ginagamit nila sa kanilang operations ay kasama din po dyan," Millanes said.
"Kapag sinabing data lake, koleksyon po yan ng structured or unstructured na data, so maari pong hindi lang personal data kundi pati mga datos ng mga empleyado ng Jollibee kasama dyan, pati yung mga datos ng Jollibee na ginagamit nila sa kanilang operations ay kasama din po dyan," Millanes said.
ADVERTISEMENT
The NPC official is not ruling out the possibility of an inside job, as it conducts its own parallel investigation on the matter.
The NPC official is not ruling out the possibility of an inside job, as it conducts its own parallel investigation on the matter.
"Hindi natin niru-rule out, iyong inside job. Patuloy po natin itong ini-evaluate at in parallel po, kasi sa amin po sa Compliance and Monitoring Division, kami po ay nag-i-evaluate ng mga data breach submissions," he said.
"Hindi natin niru-rule out, iyong inside job. Patuloy po natin itong ini-evaluate at in parallel po, kasi sa amin po sa Compliance and Monitoring Division, kami po ay nag-i-evaluate ng mga data breach submissions," he said.
"Pero in parallel po, ang ginagawa rin ng komisyon, mayroon kaming Complaints and Investigation Division, so in parallel po, sila naman po iyong nag-iimbestiga patungkol po doon sa kung sinuman po iyong… and kasama rin po ang other law enforcement agency sa Pilipinas – PNP Cybercrime, NBI ‘no – sila rin po ay kasama natin para matunton po kung sino po ang talagang gumawa nitong data breach na ito, iyong nagtatago sa pangalang 'Spider'," he added.
"Pero in parallel po, ang ginagawa rin ng komisyon, mayroon kaming Complaints and Investigation Division, so in parallel po, sila naman po iyong nag-iimbestiga patungkol po doon sa kung sinuman po iyong… and kasama rin po ang other law enforcement agency sa Pilipinas – PNP Cybercrime, NBI ‘no – sila rin po ay kasama natin para matunton po kung sino po ang talagang gumawa nitong data breach na ito, iyong nagtatago sa pangalang 'Spider'," he added.
Millanes is reminding companies to implement proper security measures or organizational technical and security measures for data protection or face administrative fines.
Millanes is reminding companies to implement proper security measures or organizational technical and security measures for data protection or face administrative fines.
"Inaabisuhan ko na ang mga kumpanya na may big data processing tulad ng Jollibee na mag-beef up na kayo, mag-improve na kayo on cybersecurity. Wag nyo nang hayaan, na maging biktima nito. This will definitely cause damage to the reputation of your organization, among others," he said.
"Inaabisuhan ko na ang mga kumpanya na may big data processing tulad ng Jollibee na mag-beef up na kayo, mag-improve na kayo on cybersecurity. Wag nyo nang hayaan, na maging biktima nito. This will definitely cause damage to the reputation of your organization, among others," he said.
ADVERTISEMENT
"Obligasyon natin… na kapag prinoseso natin ang datos nila, ay atin din itong poprotektahan."
"Obligasyon natin… na kapag prinoseso natin ang datos nila, ay atin din itong poprotektahan."
He is also warning the public to be on alert, as the data leak could be used for identity theft, as well as the proliferation of more scam texts and emails.
He is also warning the public to be on alert, as the data leak could be used for identity theft, as well as the proliferation of more scam texts and emails.
RELATED VIDEO:
ADVERTISEMENT
ADVERTISEMENT
