NPC: Jollibee care less about customers data privacy
News broke out today that the National Privacy Commission has ordered Jollibee Foods Corporation to shut down its delivery website indefinitely and until its vulnerabilities are fixed. With this move, the data of some 18M customers has been kept safe.
I’m quite sure I don’t have an account on their delivery website because we don’t order take out from Jollibee that much. The few times, which is less than 10 so far, that we did, I ordered as a guest which didn’t require registering for an account.
From the NPC Order, which has a good rundown of how the vulnerabilities were discovered, what steps has been taken and what steps are needed to be taken by JFC, one particular line stands out:
As DPO, Gustilo acknowledged difficulty in effecting the needed data protection and security measures for various reasons, such as budgetary constraints, low prioritization or outright disinterest within the organization.
Yeah. That from our own homegrown fast food giant. If that is not corporate greed then I don’t know what is.