NPC investigates multiple gov’t websites breaches
The National Privacy Commission (NPC) yesterday summoned the management and other responsible officials of seven schools, institutions, and local government units as it investigates data breaches affecting at least 2,000 individual data subjects following an organized attack on government and commercial organizations last April 1, 2018.
The move came after digital investigators from the NPC determined that each of the exposed databases contained sensitive personal information or information that could be used to perpetuate identity fraud; that the exposed data is in the hands of unauthorized persons; and that the exposure of the data raises a real risk of serious harm to the affected data subjects.
Privacy Commissioner Raymund Enriquez Liboro said that initial estimate showed at least 2,000 individual data subjects affected. The exposed records include their name, address, phone number, email address, and in some instances, even passwords and school details.
Earlier, the privacy body sent notice to top officials of Taguig City University; the Department of Education offices in Bacoor City and Calamba City; the Province of Bulacan; Philippine Carabao Center; Republic Central Colleges in Angeles City; and Laguna State Polytechnic University, to appear before it from April 23 to 24. This, to explain why they did not notify, within 72 hours of the breach, the NPC nor the affected data subjects, whose personal data were made available for download via links posted on Facebook.
As of yesterday, NPC said, none of the affected organizations were able to issue any data breach notifications whatsoever, as part of their obligations as Personal Information Controllers (PICs) under the Data Privacy Act of 2012.