PH privacy regulators summon Uber over massive data breach

enablePagination: false
maxItemsPerPage: 10
maxPaginationLinks: 10

Metro Manila (CNN Philippines, November 23) — The National Privacy Commission (NPC) has summoned ride-sharing service Uber to meet Thursday over a global data breach that "compromised" the personal data of 57 million Uber users in 2016.

NPC Commissioner Raymund Enriquez Liboro asked Uber "to shed more light" on the breach and to provide the NPC with more information on the incident, a statement on Wednesday said.

"The National Privacy Commission (NPC) is concerned about the possible impact of the breach on our citizens," Liboro said.

"By virtue of its operations and processing of Filipino end-user data, Uber is considered a Personal Information Controller and must comply with Philippine data privacy and protection laws," he added.

Uber should comply with formal breach notification procedures outlined in the Data Privacy Act of 2012 or Republic Act. No. 10173. This includes giving the NPC detailed information on the breach and the Filipinos possibly involved, as well as measures Uber has undertaken to fix the incident, it added.

When sought for comment on the hacking incident, Land Transportation Franchising and Regulatory Board (LTFRB) Member Aileen Lizada told CNN Philippines Uber has to be "transparent," and said the board will call Uber to meet on the issue.

Prior to this, Uber Philippines said in a statement it could not give further details on the data breach.

"We are in the process of notifying various regulatory and government authorities and we expect to have ongoing discussions with them. Until we complete that process we aren't in a position to get into any more details," Uber said.

This NPC's invite comes after Uber Chief Executive Officer Dara Khosrowshahi revealed Wednesday (Tuesday in the United States) the company suffered a massive data breach in 2016, but only reported it now.

Khosrowshahi said the breach did not include trip location history, credit cards numbers, bank account numbers, birthdays, or social security numbers. However, it involved the names, email addresses, and phone numbers of some 57 million Uber users around the world, including 600,000 drivers in the U.S.

The incident is the latest hurdle for the ride-sharing service, which has had a rocky year in the Philippines and in some parts of the globe.

Uber, which has roughly 36,367 registered vehicles in the Philippines, was suspended in the country for roughly two weeks in August.

The suspensions were over Uber's violation of an LTFRB order barring transport network companies from accepting applications for accreditation of transport network vehicle services and their eventual approval or activation.

It was lifted weeks after, when Uber paid a hefty P190 million fine to the LTFRB.

READ: LTFRB lifts Uber's suspension