The National Privacy Commission (NPC) has ordered ABS-CBN to address the data breach at the media company's online stores as soon as possible, NPC Commissioner Raymund Enriquez Liboro said on Wednesday.
Liboro was referring to the data breach in store.abs-cbn.com and uaapstore.com that was first written about by Netherlands-based security consultant and researcher Willem de Groot.
Groot claimed that the stolen data were intercepted during the checkout process via a malware, and that the stolen data were sent to a server registered in Irkutsk, Russia.
ABS-CBN later confirmed that the data breach affected 213 of its customers.
“We received a breach notification from the ABS-CBN's Data Protection Officer (DPO) at 12:37 pm of Wednesday," Liboro said in a statement.
"We expect ABS-CBN’s DPO to act in accordance with breach management standards set forth by the Commission, and fully set in motion its breach response protocols, including the safeguarding of their systems and the prevention of possible harms to affected data subjects,” he added.
“The NPC is monitoring the situation and expects ABS-CBN to send us a full report on the incident within five days,” Liboro said.
The Netherlands-based Groot suggested that Philippine government regulators should penalize companies affected by the data breach since it was difficult to go after the perpetrators of stealing data online.
“Usually, the stolen data is sent to Russia, Belize, Ukraine. [But] this does not prove that the criminals are also there, just that their server is,” Groot told GMA News Online.
“The government could set penalties for corporate privacy breaches, similar to the new General Data Protection Regulation law in Europe. This would prove an incentive for companies to increase their security efforts,” he added.
Senior Analyst Jordan de Leon of global technology market analyst firm Canalys agreed with Groot.
“The challenge is good cyber security experts are often hard to find, so there is still a skills gap in Asia, especially in emerging markets like the Philippines,” the Singapore-based De Leon told GMA News Online.
“Hackers could be based anywhere, and can be very sophisticated in transferring data around the world,” he added. —NB, GMA News