Philippine privacy regulators say over 170,000 Filipinos affected by Uber data breach

Source: Xinhua| 2017-12-15 19:01:21|Editor: Zhou Xin
Video PlayerClose

MANILA, Dec. 15 (Xinhua) -- The Philippine National Privacy Commission (NPC) said Uber Philippines committed that over 170,000 Filipino drivers and passengers were affected by its massive data breach last year.

NPC Chairman Raymund Liboro said Uber Philippines informed the commission that the exposure of the affected data subjects was limited to their registered name, e-mail address, and phone number.

The commission has summoned Uber officials "to appear before the commission to further explain their data processing operations, particularly the organizational, technical and physical security measures Uber Philippines is implementing to protect Filipino drivers and riders," he said.

"We are looking now at the processes and procedures that Uber claims they have taken to ensure that this matter never happens again," Liboro said in a statement.

He said the NPC is "paying particular attention to the steps taken to ensure that in the future, data breaches of this magnitude will not be concealed from regulators and from affected data subjects."

Liboro warned that concealment of data breaches that involve sensitive personal information or data is a criminal offense.

"We have received reports of irregular processing following the report of the breach, but we are still investigating these claims and their link to the 2016 data breach incident. As usual, we expect full cooperation from Uber on these matters," the commission chief said.

Last month, Uber Philippines informed the NPC that Filipino Uber users were indeed among those exposed in the massive breach last year that affected 57 million Uber clients around the world.

In a letter to the NPC, Uber Philippines confirmed that personal information of Filipinos was exposed in the data breach that attacked Uber's "third party cloud-based storage accounts" in October last year.

Uber chief executive officer Dara Khosrowshahi acknowledged in a blog post on the company's official website on Nov. 24 that a year ago two hackers broke into a third-party cloud-based system that contained the private information of its customers.

Khosrowshahi admitted that sensitive information had been illegally downloaded, including names, email addresses and mobile phone numbers of 57 million Uber users around the world, and the names and license numbers of 600,000 drivers in the United States.

Uber, the ride-hailing giant, has around 66,000 active vehicles/drivers in the Philippines.