After Uber recently came out about a data breach last year which saw 57 million users’ data stolen, the National Privacy Commission announced in a press release yesterday that the personal information of Filipinos was among those exposed in the breach.
Uber was not able to produce the information that the NPC had expected given the nature of the incident. The company declared the following important details:
- “Two individuals outside the company” had accessed user data stored on a third-party cloud service that Uber uses
- The two Uber employees who led the effort to respond to the breach have since been removed from the company
- There is no indication that trip location history, credit card information, bank account numbers, or dates of birth were stolen
- There is no indication that any Filipino driver’s licenses were downloaded
- The company has increased security on their cloud-based storage accounts
Since Filipino citizens have been affected, the NPC does have jurisdiction over the breach. As such, the commission requires that the company provide information on the nature and scope of the incident, as well as measures taken.
The NPC states that parties responsible for concealment of a data breach may face serious civil and criminal liability, under the Data Privacy Act of 2012.
The investigation is still ongoing, and aside from Uber themselves, the commission is cooperating with Australian and American data privacy authorities.
Lastly, the NPC assures that their main objective is not to prosecute, but “to work with all”.
To learn more about the incident, click here.
Source: National Privacy Commission