The National Privacy Commission (NPC) on Wednesday warned Uber users to protect their personal data in light of a massive hack that exposed the personal information of around 57 million users of the ride-sharing service worldwide.
NPC commissioner Mon Liboro said the data breach exposed some Uber users in the country.
He warned that if Uber users' personal data is collated with information from the Commission on Elections, which also encountered a data breach, these may be used by criminals for phishing or identity theft.
"'Yung patuloy na naiipon ang datos ng isang tao sa dark web kung saan wala ka nang control and iyang mga datos na iyan, hindi man galing sa iisang source kung pagbabalakan ka ay meron the threat of identity fraud, may magkukunwaring ikaw," he said.
"Mag-aapply ng linya ng telepono, o sa bangko. Ito yung maaring mangyari plus idagdag mo pa ang sariling datos na isinasapubliko eh makakabuo ka na ng profile…Yun po 'yung nagiging danger natin dito."
At this stage, users can't do anything about the breach. Liboro advised internet users to change their passwords regularly, update their anti-virus program, and check the legitimacy of sites.
The NPC, meanwhile, said Uber failed to disclose the data breach to the authorities immediately.
"Sa bahagi ng kumpanya tulad ng Uber magiging malupit ang matutunan nila sa nangyari. Una, concealment of a breach is a very serious concern. Kailangan sa batas natin within 72 hours maireport sa commission ang uri ng personal data breach at kailangan nilang mainform ang mga data subjects nila kung papaano ang remedial measures dito," Liboro said.
He also reminded the public that every individual has the right to know how his or her data will be used.
"Maging mas maingat po tayo sa mga deal na ganito. Magign masusi po tayo na ibigay sa pagpayag sa pagkolekta na ito at kunin ang pag-sangayon yung legal consent ay very very important at dapat maliwanag sa mamamayan kung bakit at saan at anong paraan gagamitin ito," he said.
The agency said it is cooperating with the data privacy authorities of Australia and United States on the issue. The Land Transportation Franchising and Regulatory Board is also planning to conduct a separate investigation.
In a blog post, Uber CEO Dara Khosrowshahi said the company discovered the incident in late 2016 and took steps to shut down unauthorized access and implemented security measures.
"I recently learned that in late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use. The incident did not breach our corporate systems or infrastructure Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded," the post read.
"At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals. We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts."
Khosrowshahi added that they have not seen evidence of fraud or misuse tied to the incident but that the ride-hailing service is monitoring the affected accounts and have flagged them for additional fraud protection. - with reports from Jacque Manabat, ABS-CBN News