NPC: Uber confirmed Filipinos 'exposed' in 2016 data breach

Personal information of drivers and passengers of Uber Philippines were among those exposed in a massive data breach last year, the National Privacy Commission (NPC) said Tuesday.

"Yesterday, Uber wrote to us in compliance with their commitment to provide more detailed information about their data breach of October 2016," NPC Commissioner Raymund Enriquez Liboro said in a statement.

"In that letter, Uber confirmed to us that personal information of Filipinos was exposed in the data breach. As such, the National Privacy Commission has jurisdiction over the data breach insofar as it affects these Filipino citizens," he said.

The breach was perpetuated by two individuals who downloaded data from a third-party cloud server used by Uber.

This includes names, email addresses, and mobile phone numbers of some 57 million users worldwide, as well as names and driver's license numbers of some 600,000 of the company's US drivers.

In the Philippines, the commission said Uber did not disclose any further information regarding the breach and its scope.

"Unfortunately, Uber failed to provide the level of detail that we expect from personal information controllers about data breach notifications, such as the number of Filipinos affected, and the scope of their exposure," Liboro said.

The NPC will continue to investigate the matter in cooperation with data privacy authorities in Australia and the United States, Liboro said.

"If so qualified, those responsible for the concealment of the breach and for the exfiltration of the data may face serious civil and criminal liability," he said.

"We are not here to merely prosecute offenses against data privacy, but to work with all stakeholders to ensure that we keep moving toward a safer data ecosystem where data flows freely and securely," he added. — Jon Viktor Cabuenas/VDS, GMA News