Jollibee allegedly hit by cyberattack, sensitive customer data compromised

Jollibee Foods Corporation, a leading fast food service provider, is reportedly the victim of a significant cyberattack, with sensitive customer data allegedly compromised and put up for sale. Cybersecurity experts from Deep Web Konek identified a database sold by a threat actor, “Sp1d3r.” 

The database allegedly contains the personal information of 32 million Jollibee customers, including full names, postal addresses, phone numbers, and email addresses. In addition, the data purportedly includes detailed records of food delivery orders, sales transactions, and service details.

Jollibee has initiated an investigation and activated response protocols in response to these allegations. The company has not confirmed nor denied the breach or data theft. In a statement to Bloomberg, Jollibee emphasized the seriousness with which they treated the incident and detailed the actions taken. “We take this matter seriously and have launched an investigation to better understand the scope of the incident,” Jollibee stated. The company also mentioned implementing enhanced security measures to protect against future threats.

According to reports from the Inquirer, the incident appears to be contained within Jollibee’s delivery system, leaving its e-commerce platforms unaffected and fully operational.

The threat actor behind the Jollibee breach, Sp1d3r, has been active recently and is also linked to the recent Snowflake breach. TechRadar Pro reported Sp1d3r’s involvement in selling sensitive data from companies such as Advance Auto Parts for $1.5 million, Cylance for $750,000, and Truist Bank for $1 million.

Jollibee Foods Corporation is renowned for its fast food offerings under the Jollibee brand, including popular items such as “Chickenjoy” fried chicken, burgers, spaghetti, and other Filipino-inspired dishes. The company operates an extensive network of restaurants, primarily in the Philippines and international markets.