Jollibee Cyberattack: Data Breach Exposes Sensitive Information of 32 Million Customers

Jollibee, the beloved fast-food chain in the Philippines, is currently facing a major crisis as it has allegedly fallen victim to a massive data breach. The cyberattack, which was brought to light on June 20, 2024, by a threat actor operating under the alias “Sp1d3r”, has put the sensitive data of 32 million customers at risk.

The threat actor claimed responsibility for breaching the systems of Jollibee Foods Corporation and offered to sell the database containing customer information for $40,000. The hacker boasted about having access to a vast amount of data, including names, addresses, phone numbers, email addresses, and hashed passwords of Jollibee customers. Additionally, the attacker allegedly exfiltrated 600 million rows of data related to food delivery, sales orders, transactions, and service details.

Despite the severity of the situation, Jollibee Foods Corporation has yet to issue an official statement regarding the alleged data breach. The Philippines National Privacy Commission (NPC) has also not been notified about the incident, as required by regulations.

This cyberattack comes in the wake of similar breaches orchestrated by the same threat actor, “Sp1d3r”, targeting companies like Snowflake and QuoteWizard. The Jollibee Cyberattack serves as a stark reminder of the vulnerabilities present in the digital world and underscores the importance of cybersecurity measures for both companies and customers.

As the investigation into the breach continues, customers are advised to remain vigilant and follow any guidance provided by Jollibee and cybersecurity experts. The impact of this breach on millions of customers is a cause for concern, and it highlights the ongoing battle against cyber threats in today’s interconnected world.