
S&R members' info may have been exposed in cyber attack; NPC to probe possible data breach

Published Nov 24, 2021 3:38 pm Updated Nov 24, 2021 7:54 pm

S&R Membership Shopping on Nov. 24 said membership data limited to contact information have been “compromised” during a recent cyber attack.

In a statement, S&R said a recent cyber attack prompted its management to strengthen its cybersecurity protocols and resume its system operations. It also assured that members’ credit card and other financial information “are safe and secured.”

“Limited membership data, which are confined to contact information, may have been compromised. However, all our members’ credit card and other financial information are safe and secured, as these data are protected by encryption measures as required by regulation,” it added.

“Our business was not affected, and we continue to deliver a convenient and fulfilling member-customers shopping experience,” it added.

The management said it has been ramping up its security protocols to protect its IT system.

The National Privacy Commission (NPC) said that S&R initially filed a breach notification report, which is required by law, last Nov. 15 to inform them of the attack.

But NPC said that the company filed a supplemental report today, Nov. 24, confirming that the subject of the ransomware attack was the company’s system, affecting 22,000 data subjects. S&R said that the date of birth, contact number, and gender of the data subjects were compromised.

NPC said that credit cards and other financial information were not among the compromised personal data in the attack.

“They informed the Commission that they instituted measures to secure their system, recover compromised data, prevent further disclosure, and recurrence of similar attacks,” said Rainier Milanes, NPC’s compliance and monitoring division chief.

S&R customers voiced their frustration on social media, with some saying that members whose personal information was stolen should be “compensated.”

Screengrabs from S&R Membership Shopping's Facebook account

Facebook user Marvin Jay C. Ramirez said S&R’s customers need “assurance” that their names, contact numbers, and addresses wouldn’t be exposed. “Even though you say that contact information has been compromised, the fact that it has been tampered with says how weak your IT security is. Our names, addresses, and cellphone numbers can be used by criminals and we're so disappointed with how your IT security and S&R as a whole handled this.”

NPC public information and assistance division chief Roren Chin told reporters that the commission is evaluating S&R’s breach notification report.

“S&R already submitted a breach report. We are evaluating the said report and will require submissions of compliance documents,” Chin added.