DFPC immediately took the necessary steps to prevent further escalation of the attack’s impact by investigating the nature and scope of the malware and implementing immediate steps to secure its systems. DFPC has also reported the incident to concerned government regulatory agencies and is working diligently with IT experts to address the problem.

State owned Duty Free Philippines Corporation (DFPC) has been hit by a ransomware attack affecting its stores’ POS servers and breach of its customers profile and employees’ personal data. The attack was confirmed via a report to the National Privacy Commission which detailed that the incident happened last 21 December 2022 through a malicious text file on the POS store server of DFPC’s Kalibo outlet. The hackers introduced themselves as the Vice Society, an identified ransomware cyber attacker, and threatened to upload the agency’s files to “darknet”.

DFPC customers, suppliers and employees are forewarned of any identity theft or fraud that may result from said unfortunate occurrence. The agency is also requesting for the public’s understanding and continued support amidst an anticipated store-wide system outage for an indefinite period.