THE National Privacy Commission (NPC) announced on Monday that it had been notified by the Jollibee group of a data breach affecting approximately 11 million data subjects.

According to the NPC, Jollibee reported at 11:38 a.m. on June 22 about a potential unauthorized access to its data lake, which contains data for all companies within the group.

The data breach is reported to have compromised sensitive personal information, including dates of birth and senior citizen identification card numbers.

“Approximately 11 million data subjects are affected, the majority of whom are Jollibee customers. Other impacted brands include Mang Inasal, Red Ribbon, Chowking, Greenwich, Burger King, Yoshinoya, and Panda Express,” the NPC said.

 “Jollibee Foods Corp. (JFC) has requested an additional 20 days to complete its internal investigation,” it added.

In a disclosure to the Philippine Stock Exchange, JFC said: “The company is addressing the incident and has implemented its response protocols and deployed enhanced security measures to further protect the company’s and its subsidiaries’ data against threats.”

“The company has also launched its investigation on the matter to understand the scope of this incident, and is currently working with the relevant authorities and experts in its investigation,” it added.

According to JFC, while the breach impacted several subsidiaries, its own and its subsidiaries’ e-commerce platforms remain unaffected and operational.

“JFC recognizes the value and importance of the confidentiality of the personal information of its stakeholders,” the company said. 

“The company assures the public of its commitment to prioritize the protection and confidentiality of such personal information, including customer data, by continuously fortifying its defenses against future threats,” it added.

The data breach at JFC marks the fifth incident reported by NPC this month alone. — Justine Irish D. Tabile