MANILA - The recent proliferation of personalized text scams is unlikely due to a large-scale data breach, or because of contact tracing apps, the National Privacy Commission said citing the results of its preliminary investigation on Wednesday.
The NPC addressed public comments linked to the personalized text scam during a webinar on Wednesday.
Although the possibility of a data breach was not ruled out, initial information pointed out to other possible leads, NPC Complaints and Investigation Division chief Michael Santos told ABS-CBN News.
“Kung meron siyang galing sa isang breach, we are not closing our doors, pero so far wala tayong indication na ganon ang way na naha-harvest ang pangalan and number," Santos said.
(We're not closing our doors on the possibility of a data breach but so far, there is no indication that it was the way the names and numbers were harvested.)
Santos said the personal details of users could have been collected through "data scraping and harvesting."
"Kasi alam naman natin dun sa isang payment channel. You can type in your number, once you are in the platform, type in your number, and lalabas yung name. Dun naman sa messaging app, yung buong pangalan naman ang format," he said.
(Like in one payment channel, you can type your number and once you're in there, your name will appear. In another messaging app, they use the whole name format.)
Personal data is also unlikely to have been collected from contact tracing apps, Santos said. Manually written contact tracing data is also not profitable, he said.
"Based doon sa format ng mga pangalan, pangalan at number lang, wala sa top leads natin ang contact tracing," he said.
(Based on the format, it's just the name and number, contact tracing is not on the top of our leads.)
The Philippine National Police and the National Bureau of Investigation are working together to discover the root cause of the problem but did not give a target date on when the investigations will be completed.
Lt. Colonel Jay Guillermo of the PNP Cybercrime Group said they are also waiting for the SIM Card registration law, which was earlier vetoed by former President Rodrigo Duterte.
"Ang kamay po ng law enforcment ay nakatali pa. Dahil ang inaabangan sana namin na batas ay itong sim card registration. Kaya mapapansin po ninyo lahat ng mga numbers na ginagamit nila ay prepaid, so kumbaga wala po kaming makukuha, wala po kaming makukuhang impormasyon tungkol diyan dahil hindi registered at hindi namin alam kung kanino," he said.
(Our hands in law enforcement are tied. We're waiting for the SIM card registration. As you can see, most of the numbers used by fraudsters were prepaid. This means we can't get any information since they're not registered.)
A new SIM card registration bill was submitted and passed by the House of Representatives Information and Communication Technology Committee on Sept. 5.
PLDT on Wednesday said the enactment of the SIM card registration bill could help reduce and eradicate SMS or messaging-linked scams.