MANILA – The National Privacy Commission (NPC) has ordered the suspension of local fast-food giant Jollibee's online delivery platform after it was found to be vulnerable to unauthorized access.
Aside from the online delivery platform, NPC also ordered the Jollibee Foods Corp. (JFC) to suspend the operation of all of its data processing platform to the public through the internet and also to restrict external access to their networks.
The Commission’s order is a result of its investigation in relation to a “data breach notification” submitted by JFC in December 2017.
“Persons unknown to the JFC Group appeared to have been able to gain access to the customer database of the delivery website for Jollibee,” the NPC said. In subsequent meetings with the NPC, the dominant local fast-food company made assurances that it will institute corrective measures regarding the supposed data leak.
However, the NPC’s Complaints and Investigation Division (CID) found out that JFC’s delivery service website remains vulnerable to unauthorized access. “Such vulnerabilities may allow malefactors with little to moderate technical knowledge and skill to access personal information of Jollibee patrons through its website,” the NPC noted.
It noted that about 18 million individuals on JFC’s database have “high risk” to exposure of personal data. The suspension will remain effective for an “indefinite time”, according to NPC, until the website’s vulnerabilities are satisfactorily addressed. (PNA)
