MANILA - The National Privacy Commission on Wednesday said S&R Membership Shopping informed it this afternoon of the extent of the data compromised in the recent cyber-attack on the company.

The NPC said that based on the initial breach notification submitted by S&R on Nov. 15, the company discovered the security incident on Nov. 14.

The privacy watchdog said S&R informed it in a supplemental breach report on Wednesday afternoon that “the subject of the ransomware attack was the S&R membership system affecting 22,000 data subjects.”

A ransomware attack encrypts the files of a victim, making them inaccessible. A ransom is then demanded to restore access to the data.

Data on S&R members’ date of birth, contact number, and gender, “were compromised”, NPC said.

Earlier today, S&R said “limited membership data, which are confined to contact information may have been compromised in a recent cyber attack.”

But the company assured members that credit card and other financial information "are safe and secured" and are covered by encryption measures.

The NPC said S&R has told the agency that it has instituted measures to secure the company’s system, recover compromised data, prevent further disclorsure and the recurrence of similar attacks.

In a statement, S&R said it has already informed its members directly, reassuring them that no credit card details and other financial information have been compromised.

ICT rights advocate Pierre Tito Galla said S&R members whose data was affected should be on guard for potential identity theft.

“In this case, kung may na-involve na contact information, yung risk includes potential identity theft,” Galla said.

(In this case, if contact information is involved, the risk includes potential identity theft.)

- With a report from Warren de Guzman, ABS-CBN News

• S&R says 'limited membership data' may be compromised in cyberattack
• Philippines urged to hone, upskill cybersecurity experts

RELATED VIDEO

Watch more in iWantv or TFC.tv