MANILA, Philippines — The National Privacy Commission (NPC) on Thursday confirmed that automotive giant Toyota Motor Philippines and leading property developer Robinsons Land Corp. (RLC) had been hit by a data breach and that an investigation has begun to look into the cyberattacks on these companies.
The NPC said Toyota notified them of the breach on May 14, while RLC of the Gokongwei Group informed them of the hack on June 1.
“The reports are still under evaluation,” Roren Marie Chin, chief at the NPC Public Information and Assistance Division, said in a message sent to reporters.
Deep Web Konek, an online group dedicated to publishing data leaks, posted about the data breach as early as June 4.
In its account, Deep Web Konek said the Toyota data leak exposed over a terabyte of data spanning from 2016 to 2024.
Customer information
The cyberattack purportedly compromised sensitive customer information including full names, addresses, bank documents, valid IDs such as passports and national IDs, email addresses, and photographs of sensitive documents.
On the other hand, it said that the RLC leak—focused on Robinsons Malls—affected approximately 107,000 customers.
The group alleged the breach exposed personal details, including full names, email addresses, mobile numbers, birthdates, genders, provinces, cities, and registration dates.
The Inquirer reached out to Toyota and RLC but both had not responded to queries on the extent of the data breach as of press time.
READ: 2 terabytes of DOST data breached in latest hacking incident
Additionally, the group said that the popular membership shopping club S&R also experienced a breach, allegedly compromising the personal information of about 11,000 members.
The NPC said, however, that it had not received a formal notification from S&R as of Thursday morning.
Aside from these data breaches, the NPC said the Philippine National Police has also reported six data breach notifications last month.