MANILA - The National Privacy Commission (NPC) has ordered Wendy's Philippines to notify users affected by the data breach on its website on April 23.

The order dated May 2 was released after the fast food chain notified the commission that its website was infiltrated and that personal data of users were obtained and published online.

"There is a real risk of serious harm to the affected data subjects; the data is not merely incidental to the breach," the NPC said in its order.

National Privacy Commission issues order obliging Wendy's Philippines to promptly notify data subjects affected in the breach & wholesale leak of its database last April 23. pic.twitter.com/6GCRzGANUR

— Jacque Manabat (@jacquemanabat) May 4, 2018

The commission estimates that around 82,150 records including personal details such as names, contact numbers, home addresses, hashed passwords, transaction details, and mode of payment of customers among others were exposed in the leak.

Representatives of Wendy's on Wednesday took questioning from the commission but were not able to provide further details regarding the data breach, the NPC said.

The fast food chain, according to the NPC, also admitted that earlier attempts of implementing security measures were foiled when information technology officers of the company resigned "before any of the measures were implemented."

Aside from notifying users affected by the data breach, the NPC also ordered Wendy's to provide a copy of website logs prior to the breach, and conduct a new privacy impact assessment "taking into account the vulnerabilities exposed" in the data breach.

As of posting time, the fast food chain's website was down with a note that says the company is "fixing our website."

-- with a report from Jacque Manabat, ABS-CBN News