MANILA, Philippines — The National Privacy Commission (NPC) on Saturday said it has started investigating the data breach that hit one of the email servers of Cebuana Lhuillier.
“This incident is now under investigation,” Privacy Commissioner Raymund Enriquez Liboro said in a statement.
According to Liboro, representatives of Cebuana Lhuillier sought the NPC’s assistance on Friday following the breach that affected some 900,000 of its clients.
Read more Data breach hits Cebuana Lhuillier, around 900k clients affected
Liboro added that Cebuana Lhuillier also assured the NPC of its cooperation in the conduct of the probe.
“At the meeting, they committed to submit a more detailed report regarding the data breach,” Liboro said.
“Cebuana Lhuiller informed us that it has engaged the services of a third party information security service provider to handle their mitigation and response to this incident,” he added.
Liboro however noted that the NPC is still waiting to receive additional details such as the scope and severity of the breach.
“Cebuana Lhuiller has 72 hours from discovery of a data breach to report the same to the Commission and affected data subjects. The data subject notification must be done individually, and not further expose the data subject to more harm,” he said. /muf