S&R reports cyber-attack, says members info may be exposed
S&R Membership Shopping on Wednesday reported a cyber-attack which could have compromised its members' contact information.
S&R Membership Shopping was targeted by a cyber-attack. The company said members’ contact information may have been compromised while credit card and other financial information of members remain safe and secured. pic.twitter.com/89Bjv5JnAc
— Ted Cordero (@Ted_Cordero) November 24, 2021
In a letter to its members dated November 21, and posted on its Facebook page, S&R said it has already reported the incident to the National Privacy Commission (NPC).
“[W]e would like to inform you that S&R recently became the target of a cyber-attack,” it said.
Sought for comment, NPC Public Information and Assistance Division chief Roren Chin confirmed that S&R submitted to the commission a breach report on November 15.
Chin said the NPC is now evaluating the report and “will require submissions of compliance documents.”
According to the S&R, “Our team acted immediately and decisively to implement our cybersecurity protocols that enabled us to resume our system operations.”
It also &R noted that its business was not affected by the cyber-attack.
“Limited membership data, which are confined to contact information, may have been compromised,” it said.
“However, all our members’ credit card and other financial information are SAFE and SECURED, as these data are protected by encryption measures as required by regulation,” the company added.
The cyber-attack on S&R came amidst the influx of spam text messages recruiting subscribers to suspicious job offers with high salaries.
The NPC found, in its investigation, that a global organized syndicate is behind the influx of spam text messages.
The Privacy body also eased concerns that the spam messages might be due to leaks from contact tracing forms, saying there is no direct evidence showing such correlation.
S&R said it strongly condemns the numerous reports of cyber-attack in the Philippines perpetuated against private companies.
“[W]e are treating this matter very seriously,” it said.
“Rest assured that we are implementing measures to further reinforce the security of our IT system,” it added. —LBG, GMA News