NPC starts probe on Cebuana Lhuillier data breach
MANILA, Philippines — The National Privacy Commission (NPC) on Saturday said it has started investigating the data breach that hit one of the email servers of Cebuana Lhuillier.
“This incident is now under investigation,” Privacy Commissioner Raymund Enriquez Liboro said in a statement.
According to Liboro, representatives of Cebuana Lhuillier sought the NPC’s assistance on Friday following the breach that affected some 900,000 of its clients.
Liboro added that Cebuana Lhuillier also assured the NPC of its cooperation in the conduct of the probe.
“At the meeting, they committed to submit a more detailed report regarding the data breach,” Liboro said.
“Cebuana Lhuiller informed us that it has engaged the services of a third party information security service provider to handle their mitigation and response to this incident,” he added.
Liboro however noted that the NPC is still waiting to receive additional details such as the scope and severity of the breach.
“Cebuana Lhuiller has 72 hours from discovery of a data breach to report the same to the Commission and affected data subjects. The data subject notification must be done individually, and not further expose the data subject to more harm,” he said. /muf
Subscribe to INQUIRER PLUS to get access to The Philippine Daily Inquirer & other 70+ titles, share up to 5 gadgets, listen to the news, download as early as 4am & share articles on social media. Call 896 6000.