MANILA - The Philippines' data privacy watchdog has ordered fast-food chain Jollibee to suspend the operations of its delivery website after the company admitted vulnerabilities in its system.
The National Privacy Commission, in a notice dated May 4, ordered the suspension of jollibeedelivery.com "for an indefinite time until the site’s identified vulnerabilities are addressed."
The commission said Jollibee's data privacy officer earlier notified it that the website's database protection was not up to date, and some data, including personal information, were unencrypted.
An assessment conducted by the commission's Complaints and Investigation Division (CID) also found Jollibee’s website vulnerable to unauthorized access.
"Such vulnerabilities may allow malefactors with little to moderate technical knowledge and skill to access personal information of Jollibee patrons through its website," the commission said.
A check with jollibeedelivery.com showed that it was no longer taking delivery requests. Instead, it advised clients to call its hotline at #87000.
Besides suspending the website, the privacy watchdog also ordered Jollibee to submit a plan on keeping the website's database secure, and file a monthly progress report on the issue.
Last week, the commission also ordered Wendy's Philippines to notify users affected by the data breach on its website on April 23.
Around 82,150 records including personal details such as names, contact numbers, home addresses, hashed passwords, transaction details, and mode of payment of customers, among others, were exposed in the Wendy's leak, the commission said.