SUMMARY
This is AI generated summarization, which may have errors. For context, always refer to the full article.
MANILA, Philippines – The Philippines’ National Privacy Commission (NPC) confirmed reports of data breaches for Toyota and Robinsons Malls while also saying S&R, a membership shopping club, has not reported any data breaches on its end despite a cybersecurity report pointing to S&R membership data being out in the wild.
Prior to NPC’s confirmation, cybersecurity enthusiast group Deep Web Konek said in a report on its blog on June 4 that Toyota, Robinsons Malls, and S&R had been the victims of data breaches.
Toyota and Robinsons Malls
The Toyota data breach, specific to its Makati branch, was said to have been discovered on May 29, and exposed the following personal identifiable information from 2016 to 2024:
- Full names
- Addresses
- Bank documents
- Valid IDs (such as passports and national IDs)
- Email addresses
- Photographs of bank documents and valid IDs
Meanwhile, the Robinsons Malls data breach reportedly exposed the data of approximately 107,000 customers, with the data being taken from the Robinsons Malls app.
The following information was said to have been exposed:
- Full names
- Email addresses
- Mobile numbers
- Birthdates
- Genders
- Provinces
- Cities
- Registration dates
The NPC, in a Facebook post on Thursday, June 6, said Toyota notified the NPC of a breach on May 14, while Robinsons Land, which owns Robinsons Malls, notified the commission of a breach on June 1.
The NPC added the reports were under evaluation.
No report from S&R
Deep Web Konek also noted a data breach at S&R affecting 11,000 consumers, with the breach claimed by a user named L00tz.
The reported data breach allegedly leaked the following bits of information:
- Names
- Email addresses
- Phone numbers
- Home addresses
- Various personal identifiers
The NPC, in its statement, said that as of 7:25 am on June 6, there was no official notification of a data breach from S&R.
The NPC reminded, however, that “companies and individuals processing personal data must notify affected data subjects individually and report to the Commission via the Data Breach Notification Management System (DBNMS) within 72 hours of discovering a breach.”
– Rappler.com
Add a comment
How does this make you feel?
There are no comments yet. Add your comment to start the conversation.