MANILA, Philippines (UPDATED) – Financial servicers firm Cebuana Lhuillier said on Saturday, January 19, that personal information of around 900,000 people were affected in a data breach involving their email server used for marketing purposes.
“Some of these information included birthdays, addresses and source of income,” Cebuana Lhuillier said in a statement sent to Rappler.
“Transaction details or information were not compromised. The company’s main servers remain safe and protected,” it assured its clients.
Cebuana Lhuillier said it had reported the incident to the National Privacy Commission. (READ: What to do in case of a data breach)
In a text message to Rappler, Privacy Commissioner Mon Liboro said that the incident is currently under investigation.
“They committed to submit a more detailed report regarding the data breach. Cebuana Lhuillier informed us that it has engaged the services of a thrid party information security service provider to handle their mitigation and response to this incident,” Liboro said.
“We await further details as to scope and severity of the breach,” the privacy chief added.
On Saturday, Cebuana Lhuillier informed its clients of the breach via email, as reported by Yuga Tech. The firm said unauthorized downloads of the information took place August 5, 8, and 12, 2018.
In the same email, the firm advised its customers to change the passwords of their accounts where they used personal information.
Cebuana Lhuillier offers domestic and international remittance, pawning, microinsurance, and micro-loaning services, with over 2,500 branches around the Philippines. – Rappler.com