The National Privacy Commission (NPC) has ordered Uber Philippines to explain actions it has taken regarding the massive data breach last year that also exposed 171,000 Filipino drivers and passengers.
"We have summoned them to appear before the Commission to further explain their data processing operations particularly the organizational, technical and physical security measures Uber Philippines is implementing to protect Filipino drivers and riders," said NPC Commissioner Raymund Liboro.
Last month, Uber disclosed that hackers compromised personal data from 57 million riders and drivers in a breach kept secret for a year.
"We understand this to be based on the mobile phone numbers included in the registry. We were also informed that the exposure of the affected data subjects was limited to their registered name, e-mail address, and phone number," Liboro said in a statement.
He added they are looking at the processes and procedures that Uber claims to have taken to prevent it from happening again.
"We are paying particular attention to the steps taken to ensure that in the future, data breaches of this magnitude will not be concealed from regulators and from affected data subjects," he said.
He reminded the public that concealment of data breaches involving sensitive personal information is a criminal offense.
"We have received reports of irregular processing following the report of the breach, but we are still investigating these claims and their link to the 2016 data breach incident," he added.