Jollibee is complying with an order from the National Privacy Commission (NPC) to temporarily take down its online delivery website. In a statement, the country’s biggest fast food chain said this measure will give way to “faster online delivery system improvements.” It added that this will also enable the company to update security measures to further strengthen data protection.
By the end of the day on Tuesday (May 8), the privacy regulator ordered Jollibee to temporarily suspend its online delivery system until the website’s vulnerabilities are properly addressed. The NPC classified the system as being at ‘high risk’ of possible exposure to compromise because of its vulnerabilities. It clarified that the company’s database has not yet been breached.
This is not the first time the NPC has asked a fast food chain to act on vulnerabilities in system security. On May 2, the NPC ordered Wendy’s Philippines to notify customers whose information had been exposed in an April 23 breach of its website. The agency said about 82,150 records were compromised.
In the case of Jollibee, no data has been exposed yet; the suspension order is a measure to counter any possibility of a data breach. The security risk was first discovered in December 2017, when a cybersecurity firm identified a ‘security gap’ in Jollibee’s website. In February, the NPC warned that the online site remained vulnerable, as personal information of customers could still be easily extracted from it.
Data of up to 18 million Jollibee online customers could possibly be compromised if the system’s vulnerability is not addressed soon. Meanwhile, Jollibee said that it is also temporarily suspending the online delivery service of its sister brands except Burger King, which has its system on another platform.