^

Business

NPC seeks Facebook report, insurance over data breach

Louella Desiderio - The Philippine Star
October 19, 2018 | 12:00am

MANILA, Philippines — The National Privacy Commission (NPC) has ordered Facebook to submit a data breach notification report and provide identity theft and phishing insurance to the 755,973 affected users of the social networking site based in the Philippines.

In an order dated Oct.17, NPC said it is directing Facebook to submit a more comprehensive data breach notification report on the incident, as well as notify the affected data subjects in line with rules under NPC Circular 16-03.

NPC also ordered Facebook to provide identity theft and phishing insurance for affected Philippine-based data subjects, or as an alternative, set up a dedicated help desk or help center for affected individuals on privacy related matters concerning Facebook.

“Due to the nature and exposure of the Filipino data subjects, Facebook must also provide for identity theft insurance or credit monitoring service for free to affected Filipino data subjects; or, in the alternative, establish a dedicated help desk/help center for Filipino data subjects who may be adversely affected by this incident, to provide assistance in identity restoration and other related matters,” NPC said.

The help desk, to be located in the country, must be in place within six months from the receipt of the order.

In addition, Facebook is directed to implement a program to raise the awareness on identity theft and phishing of Filipino data subjects.

NPC issued the order as 755,973 Philippine-based users were affected in the use of the “View As” feature of the social networking site to extract information without consent.

Facebook believes the attack may have taken place during the unexpected increase in traffic on the use of the “View As” feature of the social networking site late last month.

Last Sept. 28, NPC received informal notice from Facebook on the vulnerability found in the social networking site.

Facebook has categorized the affected users into three distinct groups, or “buckets” based on the personal information the perpetrator may have accessed.

The first bucket which involves an estimated 387,322 Philippine-based user accounts are those whose basic profile information such as the registered full name, email address and phone number, may have been compromised.

For the second bucket which covers 361,227 Philippine-based user accounts, the perpetrator may have also obtained the information in addition to basic profile such as username, name on the profile, email address, phone, gender, relationship status, religion, hometown, location, birthday, devices, educational background, work history, website, verified status information, recent places where the user has checked in, recent search queries, and up to the top 500 accounts followed.

As for the third bucket which involves 7,424 Philippine-based users, the perpetrator may have obtained further information including posts on their timeline, list of friends, groups they are part of, and the names of recent Messenger conversations.

While Facebook has said in its letter there is no material risk of more extensive harm occurring, NPC holds a different view.

“The conditions for individual notification are present. As Facebook itself notes, the main potential impact for affected users will be an increased likelihood of getting targeted for professional ‘spam’ operations and ‘phishing’ attacks. However, the risk and vulnerability of Filipinos to spam and phishing are regarded as one of the highest in the world,” NPC said.

Based on a report from Kasperky Lab, approximately nine out of 10 Filipinos are susceptible to phishing attacks.

As the level of awareness for spam, phishing and identity theft in the Philippines is not the same as in the US and the other developed nations, the NPC deems it necessary that Facebook consider the cultural gap when notifying the affected data subjects.

“Facebook should modify its approach and provide a more conducive method that enables affected Filipino data subjects to better grasp the risks they face. The potential deleterious effects of a breach should not be diluted in the notification to the data subjects. Data breach notifications for data subjects are for their benefit; we must provide as much information as possible to assist the affected data subjects to brace for its impact,” NPC said.

vuukle comment

FACEBOOK

NATIONAL PRIVACY COMMISSION
Philstar
x
  • Latest
  • Trending
Trending
Latest
Trending
abtest
abtest

Guide to Building Code IRR for property developers

2 days ago
The Center for Global Best Practices will host a comprehensive two-day training titled, “Property Developers’ Guide to the Building Code IRR of the Philippines,” on May 21 and 22, 2024 from 9 a.m....
Business
fbtw
Energy policy failure

Energy policy failure

By Boo Chanco | 10 hours ago
The Department of Energy has revealed that the total capacity of power plants in forced outages has more than doubled over...
Business
fbtw
Fewer ads take toll on GMA’s profitability

Fewer ads take toll on GMA’s profitability

By Elijah Felice Rosales | 10 hours ago
Broadcast giant GMA Network Inc. booked fewer advertising placements in the first quarter, causing its revenue to fall and...
Business
fbtw
SM Prime defers $1 billion IPO of REIT unit

SM Prime defers $1 billion IPO of REIT unit

By Richmond Mercurio | 10 hours ago
There will be no initial public offering happening this year for the real estate investment trust of Sy-led integrated property...
Business
fbtw
SMC eyes P20 billion fixed bond offer

SMC eyes P20 billion fixed bond offer

By Richmond Mercurio | 10 hours ago
Diversified conglomerate San Miguel Corp. targets to offer in June fixed-rate bonds in a bid to raise P20 billion.
Business
fbtw
Latest
abtest
Easing Middle East tensions push market higher

Easing Middle East tensions push market higher

By Richmond Mercurio | 10 hours ago
The stock market advanced for a second consecutive session yesterday as it received much-needed boost from gains in the US...
Business
fbtw
ABS-CBN shows back on Channel 2

ABS-CBN shows back on Channel 2

By Elijah Felice Rosales | 10 hours ago
The Lopezes have found another platform where they can air ABS-CBN shows, signing a content partnership agreement with the...
Business
fbtw

RLC, PRA partner to raise bar for retirement living

By Richmond Mercurio | 10 hours ago
Robinsons Land Corp. has joined forces with the Philippine Retirement Authority to elevate retirement living in the country.
Business
fbtw
BPI bullish this year amid continued loan growth

BPI bullish this year amid continued loan growth

By Keisha Ta-Asan | 10 hours ago
After posting record earnings in the first quarter, Bank of the Philippine Islands is optimistic about its growth prospects...
Business
fbtw

Password security

By Marianne Go | 10 hours ago
May 1 apparently is no longer just Labor Day, it has also been designated as World Password Day.
Business
fbtw
Recommended
Are you sure you want to log out?
X
Login

Philstar.com is one of the most vibrant, opinionated, discerning communities of readers on cyberspace. With your meaningful insights, help shape the stories that can shape the country. Sign up now!

Get Updated:

Signup for the News Round now

FORGOT PASSWORD?
SIGN IN
or sign in with