Urgent action is needed as security professionals from Synopsys warn companies to immediately implement extra security measures in response to a reported data breach at Jollibee Foods Corp (JFC) that has potentially exposed the personal information of 11 million customers.
Kelvin Lim, the senior director of Security Engineering at Synopsys Software Integrity Group, said, "No company is safe from cyberattacks, given the recent Jollibee group data leak."
Data leak
The Philippine National Privacy Commission (NPC) reported receiving a notice from JFC on June 22 regarding a detected unauthorised access to the company's database. NPC said the breach has potentially compromised sensitive personal information such as birth dates and seniors' ID numbers. As the company investigated the matter, it notified affected customers and coordinated with authorities and cybersecurity professionals.
“Data breaches are becoming far too common in recent weeks. Fortunately in this case, only customer emails were compromised and not private information. While the addresses may already be known publicly, this would allow an attacker to craft targeted phishing campaigns about this brand to elicit the targets to perform an action like resetting a password on a malicious landing page resembling the official one. Customers should be diligent of any emails requesting immediate action as that is a warning sign of an attack,” Thomas Richards, principal security consultant within the Synopsys Software Integrity Group said, stressing the need for customer vigilance.
Winning back trust
"Given the damage caused by the attack, Jollibee will need to conduct a comprehensive investigation, put in place extra security measures, and advise customers of the measures taken to prevent such attacks in the future to win back their trust," Lim said.
