Jollibee data breach could affect millions of customers

Known threat actor is allegedly selling a huge Jollibee database

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Food service giant Jollibee has allegedly suffered a cyberattack and a data breach after experts claim to have found a database filled with sensitive customer data for sale.

Deep Web Konek found a database being sold by a threat actor under the alias “Sp1d3r”. The archive allegedly contains sensitive data on 32 million Jollibee customers, including their full names, postal addresses, phone numbers, and email addresses. Furthermore, Sp1d3r is apparently selling “extensive records” of food delivery orders, sales transactions, and service details.

The company responded to say that it is currently actively investigating the incident and that it deployed response protocols. However, it did not confirm, nor deny, the breach, or the data theft:

Contained incident

Contained incident

“We take this matter seriously and have launched an investigation to better understand the scope of the incident,” Jollibee said in a statement toBloomberg. “We have implemented response protocols in addition to enhanced security measures to further protect data against threats,” it added.

Inquirerreports that the incident was contained only to the company’s delivery system. Its e-commerce platforms are unaffected, and remained operational, it was said.

Sp1d3r is a threat actor that’s been making quite a few headlines these past couple of weeks, mostly with regards to the recent Snowflake breach. TechRadar Pro has already reported on Sp1d3r selling sensitive data from Advance Auto Parts for $1.5 million, cybersecurity pros Cylance for $750,000, and the Truist bank, for $1 million.

Jollibee Foods Corporation operates a network of restaurants, primarily under the Jollibee brand, which is well-known for its fast food offerings such as fried chicken (often referred to as “Chickenjoy”), burgers, spaghetti, and other Filipino-inspired dishes.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaInquirer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics