Uber Philippines told National Privacy Commission the data breach that occurred in 2016 was limited to the registered name, e-mail address and phone number of about 171,000 Filipinos.
“We were informed that around 171,000 Filipino citizens consisting of drivers and passengers were affected by the breach,” said NPC Commissioner Raymund Liboro.
NPC asked Uber to further disclose related information on the breach to make the necessary action to protect affected people or at least warn them of the situation so they can also ward off potential threats using their personal information.
“We are looking now at the processes and procedures that Uber claims they have taken to ensure that this matter never happens again,” Liboro said.
The Commission is placing more focus on the steps Uber has taken to ensure data breaches in the future will not be concealed from regulators and affected data subjects.
“In line with this, we have summoned Uber to appear before the Commission to further explain their data processing operations particularly the organizational, technical and physical security measures Uber Philippines is implementing to protect Filipino drivers and riders,” Liboro added.
The NPC reminded the public that the concealment of data breaches involving sensitive personal information or data was a criminal offense.
The minimum penalty for concealment of breach under the privacy law is about one and a half to five years of imprisonment and at least P1 million in penalties.
The commission has received reports of irregular processing following the report of the breach. It is currently investigating the claims and their link to the 2016 data breach incident.