National Privacy Commission NPC) reported on Monday (June 24, 2024) that unauthorised access to Jollibee Group's customer data affected 11 million people. Image Credit: Supplied

Manila: An estimated 11 million individuals were exposed in an unauthorised access to Jollibee customer data, according to authorities here.

The National Privacy Commission (NPC) announced on Monday that food giant Jollibee Group has reported the breach.

Get exclusive content with Gulf News WhatsApp channel

It’s not clear how extensive is the data breach, but according to the NPC, sensitive personal information – including birthdates and senior ID numbers – has been “compromised”.

Jollibee notified the NPC on June 22 at 11:38 am, as reported by the official Philippines News Agency.

The breach also impacts other brands under the Jollibee Group, such as Mang Inasal, Red Ribbon, Chowking, Greenwich, Burger King, Yoshinoya, and Panda Express.

Jollibee Foods Corporation has requested an additional 20 days to complete its internal investigation, according to the NPC.

Jollibee Group is the latest company to report a data breach, following similar incidents from carmaker Toyota and real estate firm Robinsons Land earlier this month.

The NPC advises individuals who believe they may be affected by any data breaches to contact their firm's data protection officers and report the incident to the commission.

Here's a breakdown of the recent data breaches involving Jollibee and Maxicare:


Status: Details are still emerging, but the National Privacy Commission of the Philippines (NPC) confirmed receiving a data breach notification from Jollibee on June 22, 2024.

Scope: Customers’ data compromised, including personal information (birthdays and senior citizen ID cards). The data breach’s extent is unclear at this point. Jollibee Group asked for 20 more days to wrap up its internal investigation.


Status: Confirmed data breach impacting nearly 13,000 members (less than 1 per cent of their membership base).

Scope: Information compromised may include booking request details like names, company IDs, contact information, and VIP statuses. Maxicare assures no sensitive medical information was exposed.

Cause: The breach occurred through a third-party homecare provider, Lab@Home, whose booking platform was compromised. Maxicare's own systems were not affected.

What to do:

Jollibee: Stay informed by checking official announcements from Jollibee or the NPC. Be cautious of phishing attempts related to the data breach.

Maxicare: If you're a Maxicare member, they recommend staying vigilant and reporting any suspicious activity related to your account. You can also contact Maxicare directly for further information.

It's important to remain cautious about potential phishing attempts related to these data breaches. Don't click on suspicious links or share personal information unless you're certain of the source.