The National Privacy Commission (NPC) has confirmed that Jollibee Foods Corp. (JFC) experienced a data breach impacting approximately 11 million customers across its various brands. The incident was reported to the NPC on June 22nd, Saturday at 11:38 a.m.
The Jollibee breach involved unauthorized access to JFC’s centralized data lake, which stores information for all companies under the Jollibee Group umbrella. The compromised data includes sensitive personal details such as dates of birth and senior citizen ID numbers.
The majority of those affected are Jollibee’s customers, but the breach also extends to patrons of other brands owned by JFC, including Mang Inasal, Red Ribbon, Chowking, Greenwich, Burger King, Yoshinoya, and Panda Express.
In response, JFC has initiated an internal investigation and requested an additional 20 days to conclude its review of the incident. A statement from the company over the weekend indicated that they are actively probing the breach, which reportedly targeted their delivery service system.
JFC, a leading fast-food chain in the Philippines and a significant global player, is owned by billionaire Tony Tan Caktiong. The company has assured customers that they are taking steps to address the breach and secure the compromised data.
The NPC is closely monitoring JFC’s ongoing investigation and expects a comprehensive report detailing the scope of the breach and measures taken to mitigate further risks.