NPC probes Cebuana Lhuillier data breach
The National Privacy Commission on Friday said that it has started investigating the alleged data breach incident involving pawnshop chain Cebuana Lhuillier, which affected personal information of its around 900,000 clients.
NPC Commissioner Raymund Enriquez Liboro said they met with the representatives from Cebuana Lhuiller seeking assistance regarding a data breach involving their email server.
"At the meeting, they committed to submit a more detailed report regarding the data breach. Cebuana Lhuiller informed us that it has engaged the services of a third party information security service provider to handle their mitigation and response to this incident," Liboro said.
"We await further details as to scope and severity of the breach," he added.
NPC said Cebuana Lhuiller has 72 hours from discovery of a data breach to report the same to the Commission and the affected data subjects.
The data subject notification must be done individually.
"This incident is now under investigation," the commissioner said.
In a statement, Cebuana Lhuillier said it discovered a data breach, which includes the birthdays, addresses, and source of income, of its around 900,000 clients.
"Transaction details or information were not compromised. The company's main servers remain safe and protected," it said.
Cebuana Lhuillier said it already notified its clients and provide them guidance on how to further protect their personal information.
"We are committed to ensuring the data privacy of our clients and adhere to strict security protocols in protecting our interest," it said. Ella Dionisio/DMS