MANILA (UPDATE) - Cebuana Lhuillier on Saturday said one of its servers fell victim to data breach incidents that may have compromised personal information of its customers.
Among the data that may have been "exposed" were clients' names, birth dates, email addresses, mobile numbers and in some cases, income information, Cebuana Lhuillier told its clients in an email.
"On January 15, 2019, we detected attempts to use one of our email servers as a relay to send out spam to other domains," the notice read.
"Follow-up investigation resulted in the discovery of unauthorized downloading of contact lists used as recipients for email campaigns. These unauthorized downloads took place on August 5, 8, and 12, 2018," it said.
Over 900,000 clients were affected by the data breach, the pawnshop said in another statement.
"We are committed to ensuring the data privacy of our clients and adhere to strict security protocols in protecting our interests," it said.
"We will provide additional information regarding the incident as soon as it becomes available," it added.
Cebuana Lhuillier added that it has disconnected the affected server from the network and reported the breach to the National Privacy Commission.
It advised its customers to "change the passwords of all user accounts in which personal information details or portions of it are used as passwords."
"Do not use the same password across multiple accounts. Use strong passwords. Change passwords regularly," the money remittance and lending company said.
Cebuana Lhuillier is a three-decade-old business that offers pawning, remittance, microinsurance, and micro loan services with some 2,500 branches nationwide.