Privacy commission: Uber PH confirms Filipino users affected by 2016 data breach

enablePagination: false
maxItemsPerPage: 10
maxPaginationLinks: 10

Story updated to include statement of LTFRB Board Member Aileen Lizada.

Metro Manila (CNN Philippines, November 28) — The government's privacy regulator said Filipinos were among those affected by a 2016 data breach that stole the personal information of around 57 million Uber users worldwide.

"Uber confirmed to us that personal information of Filipinos were exposed in the data breach," Privacy Commissioner Raymond Liboro said in a Tuesday statement.

"Unfortunately, Uber failed to provide the level of detail that we expect from personal information controllers about data breach notifications, such as the actual number of Filipinos affected, and the scope of their exposure," he added.

On November 23, the National Privacy Commission (NPC) ordered Uber Philippines to investigate the breach's impact on local users of the popular ride-sharing application.

Read: NPC orders Uber PH to probe data breach

Uber CEO Dara Khosrowshahi announced in a November 21 blog post that two people outside the company accessed the personal information of Uber users in late 2016, including names, e-mail addresses and phone numbers.

Read: What we know about Uber's massive hack

The license numbers of around 600,000 drivers in the United States were included in the breach.

Reports said the ride-sharing company paid hackers $100,000 (around P5 million) to destroy the data, but did not tell regulators about the breach.

Read: Uber paid hackers $100,000 after they stole data on 57 million users

Liboro said Filipinos involved in concealing the breach "face serious civil and criminal liability" under the Data Privacy Act of 2012.

He also said the NPC is working with data privacy authorities in Australia and the United States on this issue.

Meanwhile, Land Transportation Franchising and Regulatory Board Member Aileen Lizada told CNN Philippines on Tuesday that the agency will conduct its own investigation on the data breach.