Jollibee, the Philippines’ leading fast-food chain, has reportedly fallen victim to a major data breach. The cyberattack on Jollibee came to light on June 20, 2024, when a threat actor going by the alias “Sp1d3r” claimed responsibility for infiltrating the systems of Jollibee Foods Corporation. This notorious hacker stated that they had acquired access to the sensitive information of 32 million customers of the fast-food giant and was offering to sell the database for $40,000.
The details of the Jollibee Cyberattack were disclosed by the threat actor on BreachForums, a popular platform for posting data breaches and hack-related information. According to the hacker, Jollibee Foods Corporation operates a chain of fast-food restaurants globally, with over 1,500 outlets in various regions such as Southeast Asia, East Asia, the Middle East, North America, and Europe. The hacker claimed to have compromised the data of 32 million Jollibee customers including personal details such as names, addresses, phone numbers, email addresses, and hashed passwords. Additionally, the hacker allegedly extracted 600 million rows of data related to food delivery, sales orders, transactions, and service details. To validate these claims, the threat actor provided a sample of the data in a tabular format compatible with spreadsheet applications like Microsoft Excel and Google Sheets.
While the exact extent of the data breach is still unclear, the potential impact on the millions of customers affected is a matter of concern. Despite these alarming developments, Jollibee Foods Corporation has not yet responded or issued an official statement regarding the cyberattack. The Cyber Express has sought comments from the company to verify the claims and will update the article once any response is received, along with information on any preventive measures in place to safeguard critical data from misuse.
Moreover, the National Privacy Commission (NPC) in the Philippines has not been notified by Jollibee Foods Corporation regarding the breach, which is required under NPC regulations to inform affected individuals and report such incidents within 72 hours of detection.
As investigations into the Jollibee cyberattack progress, the threat actor “Sp1d3r” has been linked to other recent breaches, including a significant breach of data from QuoteWizard involving sensitive information of over 190 million individuals. The same hacker was also responsible for a data breach at Advance Auto Parts, Inc., where three terabytes of customer data were claimed to have been stolen from the Snowflake cloud storage of the company. This series of cyberattacks underscores the vulnerabilities present in the digital landscape, highlighting how even well-established companies can fall prey to malicious hackers.
Customers are advised to remain vigilant and follow any guidance provided by Jollibee and cybersecurity experts to mitigate the risks associated with the breach. Stay tuned for further updates as the situation unfolds.