PLDT should notify customers if data breached, says privacy commission

PLDT Inc. should notify customers if their account data was compromised due to the recent hacking incident involving the company's Customer Service Twitter account, the National Privacy Commission (NPC) said Thursday.

According to NPC Commissioner Raymund Liboro, the commission is now awaiting the official report from the company, given the data breach notification protocols in place.

"PLDT has a working data protection team that should be on top of their data breach response looking into this incident. We are awaiting their official report on the matter," he said in a mobile message.

A group of hackers earlier in the day attacked the PLDT Customer Service account with the handle @PLDT_Cares, and posted a series of tweets citing the need for fast internet connections after changing the account name to "PLDT Doesn't Care."

PLDT has since recovered the account, and said it is now "ready to serve."

"We would like to assure our customers that the security issue was limited only to the Twitter account and did not affect PLDT's network and services," the company said.

Liboro noted, however, that should there be any breach in data which may have been shared by customers to the Twitter account via direct messages, they must be notified by the company.

"And should this incident give rise to a real risk to the rights and freedoms of data subjects, then, they are required to notify all the data subjects affected so they can take the necessary measures to protect themselves against the possible effects of the breach," he explained. -NB, GMA News