Statement of NPC on S&R data breach

The National Privacy Commission (NPC) received an initial breach notification report on November 15, 2021, 4:47 PM, from S&R Membership Shopping in relation to a cyber-attack that may have compromised its members’ contact information. The S&R said that it discovered the security incident last November 14, 2021.

The company has then submitted an supplemental breach report today, November 24, 2021, confirming that the subject of the ransomware attack was the S&R membership system affecting twenty-two thousand (22,000) data subjects. According to the said report, the following personal data were compromised:

– date of birth

– contact number

– gender

Based on the S&R’s disclosure and confirmation from their data protection officer (DPO), credit cards and other financial information were not among the compromised personal data.

They informed the Commission that they instituted measures to secure their system, recover compromised data, prevent further disclosure, and recurrence of similar attacks.

The NPC reiterated to S&R their obligation to fully disclose and individually notify the affected data subject. Likewise, the Commission directed them to provide the technical report of the incident from the third-party cyber security firm.

ATTY. RAINIER A M MILANES
Chief, Compliance and Monitoring Division

REPUBLIC OF THE PHILIPPINES

All content is in the public domain unless otherwise stated.

ABOUT GOVPH

Learn more about the Philippine government, its structure, how government works and the officials behind it.

GOV.PH
Open Data Portal
Official Gazette
GOVERNMENT LINKS
Department of Information and Communications Technology
Office of the President
Office of the Vice President
Senate of the Philippines
House of Representatives
Supreme Court
Court of Appeals
Sandiganbayan
NPC PRIVACY NOTICE
CONTACT US

+632 5322 1322

[email protected]