Food service giant Jollibee has allegedly suffered a cyberattack and a data breach after experts claim to have found a database filled with sensitive customer data for sale.

Deep Web Konek found a database being sold by a threat actor under the alias “Sp1d3r”. The archive allegedly contains sensitive data on 32 million Jollibee customers, including their full names, postal addresses, phone numbers, and email addresses. Furthermore, Sp1d3r is apparently selling “extensive records” of food delivery orders, sales transactions, and service details.

The company responded to say that it is currently actively investigating the incident and that it deployed response protocols. However, it did not confirm, nor deny, the breach, or the data theft:

Contained incident

“We take this matter seriously and have launched an investigation to better understand the scope of the incident,” Jollibee said in a statement to Bloomberg. “We have implemented response protocols in addition to enhanced security measures to further protect data against threats,” it added.

Inquirer reports that the incident was contained only to the company’s delivery system. Its e-commerce platforms are unaffected, and remained operational, it was said.

Sp1d3r is a threat actor that’s been making quite a few headlines these past couple of weeks, mostly with regards to the recent Snowflake breach. TechRadar Pro has already reported on Sp1d3r selling sensitive data from Advance Auto Parts for $1.5 million, cybersecurity pros Cylance for $750,000, and the Truist bank, for $1 million. 

Jollibee Foods Corporation operates a network of restaurants, primarily under the Jollibee brand, which is well-known for its fast food offerings such as fried chicken (often referred to as “Chickenjoy”), burgers, spaghetti, and other Filipino-inspired dishes.

Via Inquirer

More from TechRadar Pro

Services MarketplaceListings, Bookings & Reviews

Entertainment blogs & Forums

4x corner connector brackets. The national golf & country club at ave maria.