Ransomware attack on S&R compromised members' data: Privacy watchdog

ABS-CBN News

Posted at Nov 24 2021 07:48 PM

MANILA - The National Privacy Commission on Wednesday said S&R Membership Shopping informed it this afternoon of the extent of the data compromised in the recent cyber-attack on the company. 

The NPC said that based on the initial breach notification submitted by S&R on Nov. 15, the company discovered the security incident on Nov. 14. 

The privacy watchdog said S&R informed it in a supplemental breach report on Wednesday afternoon that “the subject of the ransomware attack was the S&R membership system affecting 22,000 data subjects.”

A ransomware attack encrypts the files of a victim, making them inaccessible. A ransom is then demanded to restore access to the data. 

Data on S&R members’ date of birth, contact number, and gender, “were compromised”, NPC said. 

Earlier today, S&R said “limited membership data, which are confined to contact information may have been compromised in a recent cyber attack.”

But the company assured members that credit card and other financial information "are safe and secured" and are covered by encryption measures.

The NPC said S&R has told the agency that it has instituted measures to secure the company’s system, recover compromised data, prevent further disclorsure and the recurrence of similar attacks. 

In a statement, S&R said it has already informed its members directly, reassuring them that no credit card details and other financial information have been compromised. 

ICT rights advocate Pierre Tito Galla said S&R members whose data was affected should be on guard for potential identity theft. 

“In this case, kung may na-involve na contact information, yung risk includes potential identity theft,” Galla said. 

(In this case, if contact information is involved, the risk includes potential identity theft.)

- With a report from Warren de Guzman, ABS-CBN News

RELATED VIDEO

Watch more on iWantTFC