NPC confirms data breach reports for Toyota, Robinsons

Victor Barreiro Jr.

This is AI generated summarization, which may have errors. For context, always refer to the full article.

NPC confirms data breach reports for Toyota, Robinsons
The National Privacy Commission adds that S&R membership shopping club, allegedly a data breach victim as well, has not reported any data breaches

MANILA, Philippines – The Philippines’ National Privacy Commission (NPC) confirmed reports of data breaches for Toyota and Robinsons Malls while also saying S&R, a membership shopping club, has not reported any data breaches on its end despite a cybersecurity report pointing to S&R membership data being out in the wild.

Prior to NPC’s confirmation, cybersecurity enthusiast group Deep Web Konek said in a report on its blog on June 4 that Toyota, Robinsons Malls, and S&R had been the victims of data breaches.

Toyota and Robinsons Malls

The Toyota data breach, specific to its Makati branch, was said to have been discovered on May 29, and exposed the following personal identifiable information from 2016 to 2024:

  • Full names
  • Addresses
  • Bank documents
  • Valid IDs (such as passports and national IDs)
  • Email addresses
  • Photographs of bank documents and valid IDs

Meanwhile, the Robinsons Malls data breach reportedly exposed the data of approximately 107,000 customers, with the data being taken from the Robinsons Malls app.

The following information was said to have been exposed:

  • Full names
  • Email addresses
  • Mobile numbers
  • Birthdates
  • Genders
  • Provinces
  • Cities
  • Registration dates

The NPC, in a Facebook post on Thursday, June 6, said Toyota notified the NPC of a breach on May 14, while Robinsons Land, which owns Robinsons Malls, notified the commission of a breach on June 1.

The NPC added the reports were under evaluation.

No report from S&R

Deep Web Konek also noted a data breach at S&R affecting 11,000 consumers, with the breach claimed by a user named L00tz.

The reported data breach allegedly leaked the following bits of information:

  • Names
  • Email addresses
  • Phone numbers
  • Home addresses
  • Various personal identifiers

The NPC, in its statement, said that as of 7:25 am on June 6, there was no official notification of a data breach from S&R.

The NPC reminded, however, that “companies and individuals processing personal data must notify affected data subjects individually and report to the Commission via the Data Breach Notification Management System (DBNMS) within 72 hours of discovering a breach.”


Add a comment

Sort by

There are no comments yet. Add your comment to start the conversation.

Summarize this article with AI

How does this make you feel?

Download the Rappler App!
Person, Human, Sleeve


Victor Barreiro Jr.

Victor Barreiro Jr is part of Rappler's Central Desk. An avid patron of role-playing games and science fiction and fantasy shows, he also yearns to do good in the world, and hopes his work with Rappler helps to increase the good that's out there.