COL Financial Group, Inc. has until Wednesday this week to submit a full report on the possibility that their system may have been hacked, the National Privacy Commission (NPC) said.
The report will help the government decide on a “further course of action,” the privacy watchdog said.
In a statement Sunday, NPC confirmed that it received a notification from COL Financial at 3:30 p.m. on October 20 of a “possible breach.”
This develops as the country’s largest online stockbroker, with some 225,000 investors registered on its trading platform, announced a possible breach of their system involving some personal client information.
The possible breach is yet to be confirmed, however.
NPC said that the company, which it described as so far “upfront and transparent” with the incident, created a response team. Citing the notification, NPC said the team would look into the “likelihood of the threat and probable extent of a data breach, if any.”
“Attached to the notification is a preliminary report giving additional details of what its breach response team has done as of Friday. The company said it ran an initial vulnerability scan of its website, the result of which was ‘favorable,” NPC said.
NPC said that the company hired a third party group to perform an independent security and vulnerability check of the system.
“The Commission shall be expecting to receive from COL Financial a full report on the incident within five days. This will aid us to more accurately investigate the incident and decide on our further course of action,” NPC added.
Asked to clarify the timeline, Privacy Commissioner Raymund Liboro told the Inquirer that this refers to five calendar days, which means that NPC is “looking at Wednesday.”
“We are assuring the public especially the clients of COL Financial Group, Inc. that the NPC is monitoring this incident and shall be issuing new information to all concerned as soon as they become available,” NPC said. /cbb