NPC: Personal data of 22K S&R members compromised in cyber attack

Published November 24, 2021, 7:18 PM

by Gabriela Baron

The National Privacy Commission (NPC) on Wednesday, Nov. 24, said the personal data of 22,000 S&R members were compromised following a recent cyber attack.

(Photo from S&R website)

In a statement, NPC confirmed the receipt of a breach notification report on Nov. 15 from S&R Membership Shopping concerning a cyber attack “that may have compromised its members’ personal data.”

The S&R said they discovered the security incident last Nov. 14 and submitted a supplemental breach report to the NPC on Wednesday.

According to the report, members’ personal data, including date of birth, contact number, and gender have been compromised.

However, S&R’s data protection officer assured that credit cards and other financial information of its customers were not among the compromised personal data.

The membership shopping store informed NPC that they instituted measures to secure their system, recover compromised data, prevent further disclosure, and recurrent of similar attacks.

The NPC asked S&R to fully disclose and individually notify the affected data subjects and directed them to provide the technical report of the incident from the third-party cyber security firm.

READ MORE: S&R informs NPC of cyber-attack