Philippine fast-food chain operator Jollibee Foods Corp. has been given 10 days from May 4 to implement measures to remediate the vulnerabilities in its online delivery portal's customer database.
The country's National Privacy Commission suspended the company's online delivery operations until its site's vulnerabilities are addressed.
The commission said there is a "very high risk" that about 18 million customers registered on the database will be exposed to harm from people, unknown to Jollibee, who have been able to gain access to the site's database.
The company notified the commission about the breach Dec. 8, 2017. The commission's complaints and investigation division subsequently conducted an investigation and confirmed that a member of Jollibee's marketing team noticed a security gap in the website.
The commission also found in February that Jollibee's website remains vulnerable to unauthorized access.
The NPC has ordered the fast-food restaurant operator to employ privacy by design in the re-engineering of its data infrastructure.
