Cyber Threat Radar – Prominent companies in the Philippines such as health maintenance organization Maxicare, Jollibee Foods Corporation, and the Maritime Industry Authority have experienced data breaches that have compromised customer records.
Maxicare Data Breach
Maxicare recently announced a data breach on June 19, which resulted in the exposure of personal information belonging to 13,000 members. This accounts for less than 1 percent of their total membership base. As stated on their website, Maxicare has a vast network of over 20,000 affiliated doctors and specialists, along with more than 1,300 hospitals and clinics, over 700 dental clinics, and 140 rehabilitation, dialysis, and eye centers.
Currently, Maxicare provides healthcare services to over 1.8 million members across the country, catering to various segments such as corporate, small and medium-sized enterprises, as well as families and individuals. The compromised records that have been exposed belong to individuals who utilized Lab@Home, a booking platform provided by their third-party home-care provider.
The company has stated that compromised information may consist of data used for booking requests, but no confidential medical information was disclosed. In a statement, it was clarified that Lab@Home maintains a separate database for booking requests, which is not connected to Maxicare’s system.
Furthermore, the company reassured customers that its business operations, network, and customer data have not been affected in any manner. Maxicare has taken immediate action to implement emergency measures to safeguard the privacy and security of potentially affected members.
Jollibee Foods Corporation Data Breach
Reports have also surfaced regarding a potential data breach at Jollibee Foods Corporation, the largest fast-food chain in the Philippines. It is believed that the breach may have compromised the personal information of 32 million customers, as well as 650 million records associated with Jollibee’s food delivery services.
The data breach has exposed a range of sensitive customer information, including names, addresses, phone numbers, email addresses, and hashed passwords. Moreover, detailed records of food delivery orders, sales transactions, and service details have also been compromised.
Philippine Maritime Industry Authority Data Breach
The Philippine Maritime Industry Authority (MARINA) also confirmed that four of its online systems were targeted and breached on June 16. Marina stated that officials and staff members were promptly dispatched to the central office to enforce security measures and safeguard the systems’ integrity.
Upon detecting the attack, MARINA promptly dispatched personnel to its central office in Manila’s Port Area on Sunday. The agency emphasized its swift response in implementing protective measures. Currently, MARINA’s IT team is collaborating with the Department of Information and Communications Technology-Cybercrime Investigation and Coordinating Center (DICT-CICC) to investigate the breach and minimize potential risks to sensitive information.
Although MARINA did not disclose the specific systems affected or the extent of the breach, these systems handle critical data such as vessel registrations, seafarers’ information documents, and record books. As the regulatory authority overseeing maritime activities, MARINA aims to have its systems fully operational by Tuesday to resume normal application processing.
Cyberattacks Targeting Philippine Government Entities
These latest security incidents contributes to a series of cyberattacks targeting Philippine government entities. In May, the Philippine National Police (PNP) suspended its online services due to breaches that impacted its Logistics Data Information Management System and the Firearms and Explosives Office. Additionally, in October 2023, a ransomware attack compromised the data of more than 13 million members of the Philippine Health Insurance Corp.
“At present, given that we solely rely on the statements issued by the companies affected, it is premature to draw any definitive conclusions regarding these reported data breaches,” said Tim Royston-Webb, CEO, SentryBay. “Irrespective of the legitimacy of the breaches, organizations should not lower their guard and remain vigilant at all times.”
In today’s world with more and more data being handled outside of the protection of the corporate perimeter, with BYOD, remote working and hybrid working, SentryBay’s patented Armored Client solution can help with both compliance and the overall security posture. By securing the input of sensitive data and by wrapping security around the applications which handle sensitive data, organisations can add another layer, boosting the protection of devices and mitigating against data breaches.