22,000 Affected In S&R Ransomware Attack
S&R assured its shoppers that their credit card and other financial information were not among the compromised data but only date of birth, contact number and gender.
Personal data of 22,000 shoppers of S&R Membership Shopping have been compromised in a ransomware attack, the National Privacy Commission (NPC) said on Wednesday, Nov. 24.
In a statement, Rainier Milanes, chief of compliance and monitoring division at NPC said the commission received a supplemental breach report from S&R on Wednesday confirming that the subject of the ransomware attack was the membership system affecting 22,000 data subjects.
“According to the said report, the following personal data were compromised: date of birth, contact number [and] gender,” he said.
He also said credit card and other financial information were not among the compromised data based on S&R’s disclosure and confirmation from their data protection officer.
The NPC received an initial breach notification report from S&R last Nov. 15.
Milanes said the security incident was discovered by S&R last Nov.14.
In an advisory to members dated Nov. 21 and posted on its Facebook page on Wednesday, S&R said it recently became the target of a cyber attack.
“Limited membership data, which are confined to contact information, may have been compromised,” S&R said.
“However, all our members’ credit card and other financial information are safe and secured, as these data are protected by encryption measures as required by regulation,” it added.
S&R also said it has informed the NPC of the incident. Milanes said S&R informed NPC of the measures that were implemented to secure the system, recover compromised data, prevent further disclosure, and the recurrence of similar attacks.
Following the cyber attack, S&R said it immediately took action through cybersecurity protocols, allowing the resumption of system operations.
“Our business was not affected, and we continue to deliver a convenient and fulfilling member-customers shopping experience,” S&R said.