MANILA - The National Privacy Commission (NPC) on Tuesday said at least 2,000 individuals were affected following attacks on government websites on April Fool's Day.
In a statement, the NPC said it has summoned officials of 7 schools, institutions, and local government units "to explain why they did not notify, within 72 hours of the breach, the NPC nor the affected data subjects, whose personal data were made available for download via links posted on Facebook."
"There were data breached which contains names, addresses and some instances even passwords and school details. Unfortunately, we have not concluded our probe on the matter so we will notify you whenever we complete," NPC commissioner Raymund Liboro told ANC.
The NPC said it has sent notices to top officials of the following organizations to appear before the agency on April 23 and 24:
- Taguig City University
- Department of Education offices in Bacoor City and Calamba City
- the Province of Bulacan
- Philippine Carabao Center
- Republic Central Colleges in Angeles City
- Laguna State Polytechnic University
The agency said that as of Monday, none of the organizations has issued data breach notifications "as part of their obligations as Personal Information Controllers (PICs) under the Data Privacy Act of 2012."
“PICs are required to employ organizational, technical, and physical measures to protect personal data. This includes the duty to inform data subjects and this Commission if there is a serious data breach," Liboro said in a statement.
Liboro did not identify the group behind the cyber attack but said authorities were pursuing the hackers.
"It came from malicious outside vectors or external actors. Of course I don't want to glorify these external actors, I don't even want to mention their names. However, there's a parallel move coming from our counterparts to run after these hackers so we are addressing what needs to be addressed and it's a privacy act, cybercrime being enforced here," he said.