Filipino drivers and riders were not spared by a massive data breach at ride-hailing firm Uber, the National Privacy Commission (NPC) said on Tuesday.
“Uber wrote to us in compliance with their commitment to provide more detailed information about their data breach of October 2016,” NPC Commissioner Raymund Enriquez Liboro said in a statement.
Liboro said Uber confirmed that personal information, such as “names, email-addresses and mobile phone numbers” of 57 million users around the world were compromised as well as the names and licenses of around 600,000 partner drivers in the US.
“Unfortunately, Uber failed to provide the level of detail that we expect from personal information controllers about data breach notifications, such as the actual number of Filipinos affected, and the scope of their exposure,” he added.
The transport company did declare that “Filipino data subjects are affected, but there is no indication that any Filipino driver’s licenses were downloaded”
Uber said that two persons outside the company had accessed user data stored in third-party cloud servers. Two employees who had led the response to the hack are also “no longer with Uber”.
“The incident did not breach Uber’s corporate systems; there is no indication that trip location history, credit card numbers, bank account numbers, or dates of birth were downloaded,” the company stressed, adding that cybersecurity measures had been strengthened in response to the hack.
Noting the Uber had concealed the data breach, Libor said this “bears serious consequences under the Data Privacy Act of 2012.”
“If so qualified, those responsible for the concealment of the breach and for the exfiltration of the data may face serious civil and criminal liability,” he said.
With the breach still being investigated, Liboro said the NPC was cooperating with data privacy authorities from Australia and the United States.
“We are not here to merely prosecute offenses against data privacy, but to work with all stakeholders to ensure that we keep moving toward a safer data ecosystem where data flows freely and securely,” he said.