MANILA, Philippines – Uber Philippines has confirmed to the National Privacy Commission (NPC) that Filipino users were indeed exposed in a massive data breach in 2016 affecting 57 million Uber users and drivers. 

However, aside from the confirmation, the company wasn’t able to provide any further details on how many Filipinos were affected, and the full scope of the effects.

“Unfortunately, Uber failed to provide the level of detail that we expect from personal information controllers about data breach notifications, such as the actual number of Filipinos affected, and the scope of their exposure,” said NPC commissioner Raymund Liboro in a statement. (READ: PH privacy commission summons Uber execs over data breach)

Investigations will continue, and Uber will face the possibiliy of civil and criminal liabilities for the concealment of a data breach under the Data Privacy Act of 2012. The breach happened in October 2016, but was only made public on Wednesday, November 23, Philippine time.

Uber CEO Dara Khosrowshahi said that their two information officers who led the response to the breach opted to withhold the information from the public. The officers were fired on the day of the breach announcement.

A report also said that Uber paid the hackers $100,000 to destroy the data, not telling which rider or driver’s information was exposed. (READ: Should Uber users be worried about data hack?)

Those responsible for the exiltration of data will face charges too from the NPC. 

Uber has repeatedly said that there has been no misuse or evidence of fraud tied to the incident, nor was information such as trip location history, credit card numbers, bank account numbers, or dates of birth accessed and downloaded. The breach primarily stole names, email addresses, and mobile phone numbers of Uber riders. 

Of the 57 million affected in the hack, 600,000 are said to be drivers whose driver’s license information was stolen. Among these 600,000 instances, there was no indication that a Filipino driver’s license had been one of these, said Uber. 

Aside from the Philippines and the NPC, Uber is currently facing investigations globally in other countries such as the US, Mexico, and Australia. The NPC said that they are also working with data privacy authorities in the US and Australia to investigate further. 

Uber also currently has an information page available on the app regarding the breach, found in the “Accounts and Payment Options” menu within the “Help” section. – Rappler.com