MANILA, Philippines – Globe confirmed on Tuesday, January 29, it had bungled the personal data of its subscribers, sending personal information to the wrong recipients.

Globe, as part of the registration process to a recent promotion, sent out confirmation emails to those who registered, according to a report on BestVPN.com. But somewhere in the process, the registering users and the email addresses had gotten mismatched, and users received confirmation emails meant for another user.

The emails contained the name, the full postal address, and the email address of the users, resulting in what is essentially a data leak. Other users saw data not intended for them.

The trouble surfaced online a few days ago when Globe users started tweeting about receiving missent emails:

I received this message from @enjoyGLOBE And registered knowing that its a legit link since it came from them. After that, an email was sent to me with someone else’s personal information! This is against the dta privacy act! Hello Globe!?? What the fuck is this??? pic.twitter.com/7VJ400v6yx

— Renny Jr. (@rennyjr0528) January 25, 2019

OMG ang daming Globe prepaid customers ang affected ng Personal Data Breach ng @talk2GLOBE including me. Everyone please do not SIGN UP to Globe’s #OnTheList as our personal info were already compromised!!! Please RT!!!

— Koya Boi Mong Faney (@kaiko0424) January 25, 2019

@enjoyGLOBE hey put a STOP to your #ONTHELIST registration NOW. You have been sending emails containing contact information of other people. Supposed to receive a copy of my details only. Data Privacy breach happening now. I am scared that you sent mine to others. @PrivacyPH

— Mister Minchin (@misterminchin) January 25, 2019

Really stressed out regarding Globe’s data breach

— berna • 버나 (@yookbingsu) January 25, 2019

Online reports say that the promotion was in relation to the concert of K-pop group Blackpink, who will be performing in Manila on February 2. The promo involved having a text sent to users, which asked them to register on a Globe website. Days later, the users reportedly received the wrong emails.

Globe released a statement about 4 days after the tweets via its “GlobeIcon” Facebook page. The full statement is below:

“Globe Telecom has rectified the issue with affected customers on sending wrong confirmation receipt to another individual and reported the incident to the National Privacy Commission in compliance with regulatory requirements. It was just a case of sending the data registration confirmation receipt to the wrong individual and was not sent en masse or as a group of data.  It only affected prepaid customers who have registered to the On The List program to avail of concert tickets and other music venues of Globe events. About 8,851 customers were affected out of 60 million prepaid customers.

Globe Chief Information Security Officer Anton Bonifacio said: ‘The On The List registration site was taken down immediately to remove access to potential registrants at the time and we have notified all affected prepaid customers of the issue.’” 

Privacy Commissioner Raymund Liboro, in a statement on January 29, said Globe informed the National Privacy Commission (NPC) of the issue on Sunday, January 27, through its data privacy officer. 

The NPC is currently “evaluating the incident and verifying the information given to us, following our standard procedure.”

Affected users are urged to keep watch over their offline and online accounts for anomalous behavior and change passwords and verification information. They should also be wary of potential phishing scams. 

– Rappler.com