A significant data breach at Jollibee Group has compromised the personal information of 11 million individuals across its various brands, according to a statement from the National Privacy Commission (NPC) on Monday.
The breach has exposed sensitive personal details, including dates of birth and Senior Citizen ID numbers of customers. Jollibee notified the NPC of the incident on Saturday.
The NPC reported that the breach resulted from “unauthorized access to [Jollibee Group’s] data lake, which stores data for all companies in the group.” While the majority of those affected are Jollibee customers, the breach also includes customers of Mang Inasal, Red Ribbon, Chowking, Greenwich, Burger King, Yoshinoya, and Panda Express.
Jollibee Foods Corporation has requested an additional 20 days to conclude its internal investigation into the breach.
Such breaches, particularly involving sensitive personal information, heighten the risks of identity theft and scams.
In a related incident, health maintenance organization Maxicare reported a data breach last week through a third-party homeware provider, affecting approximately 13,000 members.