NPC orders Uber PH to probe data breach

enablePagination: false
maxItemsPerPage: 10
maxPaginationLinks: 10

Metro Manila (CNN Philippines, November 23) — The National Privacy Commission (NPC) on Thursday ordered Uber Philippines to immediately find out if accounts of Filipino clients were among those compromised in Uber's global data breach.

"We have to find out if there are Filipinos involved and then it comes from there, and if there are Filipinos involved, what kind of information was involved. Is it sensitive personal information or is it information that can be used to enable identity fraud? Is that info in the hands of a third person and does that info pose a real risk or serious harm? If those 3 incident elements align, then we're looking at more serious penalties down the road," NPC Complaints and Investigation Division chief Atty. Francis Acero said.

Uber Philippines committed to act on the matter within 48 hours.

The popular app-based ride-sharing service, however, told NPC there are 600,000 driver accounts that are involved so far, but they don't know yet if there are Filipinos on the list.

Hacked information include either the driver or passengers' name, email address and phone details.

NPC is also looking into the credentials of the third party data forensics investigators that Uber hired to make sure the company would release accurate information about the hack.

This follows a global data breach that "compromised" the personal data of 57 million Uber users in 2016, but was only revealed by Uber on Tuesday.

Uber CEO Dara Khosrowshahi, who became CEO in August, said he launched an investigation into why the company did not alert authorities or individuals affected by the hack.

He said, "two of the individuals who led the response to this incident are no longer with the company."

Uber Philippines may face penalties in case there are information of Filipino app users involved.

Meantime, the NPC advised Uber app users to practice good digital hygiene, which includes regular changing of passwords and being aware of safe email practices such as not opening links in mails directly.

Users can also watch out for any irregularities in their account since November 2016 and report to NPC if there's any.

CNN Philippines' Triciah Terada contributed to this report.