In an advisory posted on the Facebook page of S&R Membership Shopping at around 10:00 AM of Wednesday, 24 November 2021, they are informing their clients that they became a target of a cyber-attack and limited membership data (contact information) may have been compromised.
As early as Tuesday, 23 November 2021 at around 3:11 PM, Internet celebrity Christian Albert Gaza posted on his Facebook account that S&R Membership Shopping has been hacked, exposing some 1.6 million personal information following what could be a form of a ransomware attack (based on what was described in his post).
The membership shopping company said that they already reported the matter to the National Privacy Commission (NPC) and they are implementing measures to further reinforce their IT System’s security.
As of 10:20 AM of Wednesday, 24 November 2021, the website of S&R Membership Shopping has been taken offline.
UPDATE 1
Wednesday, 24 November 2021 evening, the National Privacy Commission (NPC) released a statement confirming the receipt of a breach notification from S&R Membership Shopping related to a ransomware attack. The NPC also said that based on the report submitted by S&R, the data of some 22,000 members were compromised.