Membership shopping store S&R has reported to the National Privacy Commission that it recently suffered a ransomware attack, with personal information of 22,000 members stolen during the incident.
The store initially notified the NPC of the breach on November 15, one day after the security attack happened, and followed it with a supplemental report on November 24. Among the compromised personal data of affected members include birthdate, contact number, and gender.
See also: NPC urges telcos to combat text scams
The damage appears to be limited as financial information, such as credit card numbers, fortunately, remain safe and uncompromised. As explained by S&R’s data protection officer, these data are covered by protective measures including encryption.
S&R also reported that it shortly took action after the attack to bolster their security, recover the compromised data, and stop similar attacks from occurring in the future. The store, as directed by NPC, will also notify the affected members.
Source: One News