Philippine privacy regulator says local users affected by Uber data breach

Source: Xinhua| 2017-11-28 20:45:16|Editor: pengying
Video PlayerClose

MANILA, Nov. 28 (Xinhua) -- The personal information of Philippine Uber users was among those exposed in the massive breach last year that affected 57 million Uber clients around the world, the Philippine National Privacy Commission (NCP) said on Tuesday.

NPC Chairman Raymund Liboro said in a statement that "Uber confirmed that personal information of Filipinos was exposed in the data breach" that attacked Uber's "third party cloud-based storage accounts" in October last year.

"As such, the NPC has jurisdiction over the data breach insofar as it affects these Filipino citizens," Liboro said.

Unfortunately, Liboro added that Uber "failed to provide the level of detail that we expect from personal information controllers about data breach notifications, such as the actual number of Filipinos affected, and the scope of their exposure."

He said Uber informed the commission that two individuals outside Uber "inappropriately accessed user data stored on a third-party cloud-based service that Uber uses."

Moreover, he said the two Uber employees who led the response to the data breach are no longer with Uber.

Uber chief executive officer Dara Khosrowshahi acknowledged in a blog post on the company's official website on Nov. 24 that a year ago two hackers broke into a third-party cloud-based system that contained the private information of its customers.

Khosrowshahi admitted that sensitive information had been illegally downloaded, including names, email addresses and mobile phone numbers of 57 million Uber users around the world, and the names and license numbers of 600,000 drivers in the United States.

Nevertheless, Liboro said under the principle of accountability, the NCP requires personal information controllers within its jurisdiction to provide detailed information on the nature of the incident, the scope of the exposure, and the remedial measures taken.

"While Uber has repeatedly asserted that there has been no evidence of fraud or misuse tied to the incident, the concealment of a data breach bears serious consequences under the Data Privacy Act of 2012," Libooro said.

If so qualified, Liboro said those responsible for the concealment of the breach and for the exfiltration of the data may face serious civil and criminal liability.

"The investigation continues. We are also cooperating with the data privacy authorities of Australia and the United States on this matter," Liboro said.

Uber, the ride-hailing giant, has around 66,000 active units in the Philippines.