Uber PH confirms data of Filipino users among those hacked – NPC | Inquirer Technology

Uber PH confirms data of Filipino users among those hacked – NPC

/ 03:23 PM November 28, 2017

The personal information of a yet undetermined number of Filipino Uber users have been compromised in a breach late last year, a cyber-hacking that the company’s US office deliberately hid from public knowledge for more than a year now.

This is according to the National Privacy Commission (NPC), which said that Uber Philippines wrote to the agency on Monday to confirm that data of Filipino users were included in the millions of data stolen in October 2016.

Uber, however, claimed they could not give the extent of the impact of the breach.

Article continues after this advertisement

Nevertheless, the NPC said that whether the stolen data was abused for fraud or other purposes or not, concealing the breach “bears serious consequences” under the law.

FEATURED STORIES

“In that letter, Uber confirmed to us that personal information of Filipinos were exposed in the data breach,” the NPC said in the statement.

“Unfortunately, Uber failed to provide the level of detail that we expect from personal information controllers about data breach notifications, such as the actual number of Filipinos affected, and the scope of their exposure,” it also said.

Article continues after this advertisement

It has been more than a week since Uber Technologies Inc. admitted that it was hacked in October 2016, with “some personal information of 57 million Uber users” all over the world compromised. How this impacted Filipino users remains a mystery, even to the NPC.

Article continues after this advertisement

While the ride-sharing company assured that the necessary actions have been made, Uber still purposely screened the information from the public until months into the term of its newest chief executive officer. Uber Philippines, for its part, claimed that it did not have prior knowledge about the breach.

Article continues after this advertisement

‘Serious consequences’

“While Uber has repeatedly asserted that there has been no evidence of fraud or misuse tied to the incident, the concealment of a data breach bears serious consequences under the Data Privacy Act of 2012,” the NPC said.

Article continues after this advertisement

Under the Data Privacy Act of 2012, concealing security breaches that involve sensitive personal information face a penalty that could reach up to five years of imprisonment and a fine of less than P500,000.

The necessary punishments, according to the law, would be slapped on people who — after learning about the breach — decided to conceal the fact, regardless if this were done intentionally or by omission.

“If so qualified, those responsible for the concealment of the breach and for the exfiltration of the data may face serious civil and criminal liability,” the NPC noted.

NPC is cooperating with its counterpart authorities in Australia and the United States on this matter, the agency said.

What was hacked?

Uber representatives deferred from commenting on the issue, even when asked about the latest number of active Uber users. There is an information page available under the “Accounts and Payment” option menu in the help section of the Uber app.

“We do not believe any individual rider needs to take any action,” Uber said in its app.

According to the blog post made by Uber CEO Dara Khosrowshahi, the hackers were able to download names, e-mail addresses, and mobile phone numbers of users across the globe; and the license numbers of drivers in the United States.

The company assured that no other data was stolen, noting that the necessary measures have been taken. Later, news organizations reported that Uber paid hackers $100,000 in order to destroy the stolen data.

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

According to NPC, Uber claimed that there is “no indication” that any Filipino driver’s license was downloaded.                         /kga

TOPICS: breach, hacking, Internet, National Privacy Commission, personal information, Philippines, Uber
TAGS: breach, hacking, Internet, National Privacy Commission, personal information, Philippines, Uber

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.