National Privacy Commission probes Cebuana Lhuillier data breach

The National Privacy Commission (NPC) on Saturday said it is now investigating the data breach incident reported by pawning and remittance firm Cebuana Lhuillier, which affected thousands of its clients.

Cebuana Lhuillier notified its clients through email that it detected unauthorized downloading in one of its email servers.

The company also revealed that around 900,000 clients' personal information including name, birth date, email address, mobile number and in some cases, income information may have been exposed in the incident.

"This incident is now under investigation," Privacy Commissioner  Raymund Liboro said in a statement.

Liboro said representatives from Cebuana Lhuiller went to the NPC on Friday, January 19, to seek assistance regarding a data breach involving their email server.

"At the meeting, they committed to submit a more detailed report regarding the data breach," he said.

"Cebuana Lhuiller informed us that it has engaged the services of a third party information security service provider to handle their mitigation and response to this incident," he added.

Liboro noted that the Privacy body is awaiting further details as to scope and severity of the breach.

"Cebuana Lhuiller has 72 hours from discovery of a data breach to report the same to the Commission and affected data subjects. The data subject notification must be done individually, and not further expose the data subject to more harm," he said. —KG, GMA News