NPC flags Facebook after security breach affects 756,000 PH users


Posted at Oct 18 2018 10:47 AM | Updated as of Oct 18 2018 12:34 PM

MANILA - The National Privacy Commission on Thursday ordered the social media giant Facebook to submit a Data Breach Notification Report and to provide "identity" insurance to affected Philippine-based data subjects.

In an order, the NPC ordered Facebook to submit a more comprehensive report, provide identity insurance and credit monitoring, and inform data subjects in compliance with NPC Circular No. 16-03.

This, after a September Facebook "security issue" on its "View As" feature has affected about millions of users worldwide, including 755,973 Philippine-based users.

The agency also ordered the establishment of a dedicated helpdesk for Filipinos on privacy-related matters for up to 6 months upon receipt of the notice.

The NPC said it does not agree with Facebook's Oct. 13 letter contending that "there is no material risk of more extensive harm occurring" from the breach.

"The risk of serious harm to Filipino data subjects is more than palpable. The conditions for individual notification are present," the NPC said

Affected users were grouped in 3 categories based on the degree of data obtained, the NPC said, citing Facebook data.

About 387,322 Philippine-based users' basic profile information may have been exposed while for 361,227 more, their history, birthday, location history, search queries, and linked devices and hardware, among others, could have also been obtained.

For the remaining 7,424, their timeline, friends' list, groups and recent Messenger conversations might have been obtained.

The NPC said Facebook officials, through a conference call, expressed their commitment to abide by Philippine data privacy laws.

ABS-CBN News has reached out to Facebook Philippines regarding the matter but they have yet to respond as of posting.