Multiple Fast Food Chains, Government Entities Potentially Exposed in Large-Scale Supply Chain Breach
A massive data breach involving over 800GB of information is now being linked to a wider supply chain compromise affecting multiple organizations in the country, including fast food chains such as Jollibee Foods Corporation. The incident first came to light on March 15, when threat actors previously associated with the Professional Regulation Commission (PRC) breach advertised a new dataset for sale via Telegram, claiming it contained approximately 7.9 million user records, booking logs, and operational data, with historical records reportedly extending up to 2026.
The threat actor claimed that the data may have originated from misconfigured servers tied to Philippine-based websites that had been exposed for years. The threat actor disclosed that attempts to trace the source through API logs led to an inactive domain, with early indicators pointing to possible connections with now-defunct platforms. Both platforms previously handled millions of users and were widely used for deals and booking services, raising the possibility that they were once integrated into vendor ecosystems utilized by various businesses, including food and delivery-related services. However, a critical concern emerged as portions of the dataset appear to have been updated as recently as 2026, suggesting the continued use of underlying infrastructure, migrated systems, or active third-party environments still connected to legacy components.
Cybersecurity researcher Infosecdad described the incident as a large-scale supply chain breach rather than a direct attack on a single organization. Based on validation, the dataset is estimated to contain approximately 152 million rows of data within the 800GB archive, including around 11 million rows of booking information with rider and logistics-related details. The findings indicate that the affected third-party service provider may be exposing sensitive data across multiple clients, including fast food chains, government agencies, and large conglomerates. The provider is believed to operate as a software engineering and development firm supporting multiple environments, expanding the potential scope of the breach. Initial indicators also point to an infostealer infection within the provider’s internal systems, which may have harvested high-privilege credentials, enabling unauthorized access, lateral movement, and widespread data exfiltration across interconnected client infrastructures.
The DWK Team confirmed these findings after analyzing portions of the dataset, identifying entries that suggest multiple fast food chains, not just Jollibee Foods Corporation, may have been affected, alongside the exposure of rider information and customer booking logs. These findings strongly support the conclusion that the breach is tied to a shared third-party provider or platform used across various industries.
At present, there is no confirmation that Jollibee’s core internal systems were directly compromised; instead, the exposure appears to stem from a third-party or legacy integration.
The scale, recency, and diversity of the data involved indicate that the incident is not isolated, but rather a broader supply chain security issue, underscoring the growing risks posed by third-party dependencies and compromised credentials in today’s interconnected digital environments.