Uber confirms breach of data of Filipino riders and drivers
Uber has confirmed that personal information of Filipinos were exposed in the data breach incident last year, but the report was a bit sketchy that the National Privacy Commission (NPC) has warned that concealment of information about data breach bears serious consequence under the law.
NPC Commissioner Raymund Enriquez Liboro said that Uber has formally written to them and shared some information as part of its compliance to provide more details on the data breach on October 2016.
Uber has also posted an information in the company’s app to allay fears among its users: “We do not believe any individual rider needs to take any action. We have seen no evidence of fraud or misuse tied to the incident.”
Uber has also encouraged users to regularly monitor their credit and accounts, including their Uber account for any issues.
While Uber has confirmed of the breach and formally written the NPC about it, the NPC found the declaration insufficient.
“Unfortunately, Uber failed to provide the level of detail that we expect from personal information controllers about data breach notifications, such as the actual number of Filipinos affected, and the scope of their exposure,” said Liboro.
“While Uber has repeatedly asserted that there has been no evidence of fraud or misuse tied to the incident, the concealment of a data breach bears serious consequences under the Data Privacy Act of 2012.”
If so qualified, Liboro stressed that those responsible for the concealment of the breach and for the exfiltration of the data may face serious civil and criminal liability.