MANILA, Philippines — The National Privacy Commission (NPC) has summoned officials of transport hailing mobile application Uber over a reported data breach involving over 50 million users and drivers worldwide.
“We would like to know the extent of the breach and if Filipino users were affected,” NPC commissioner Raymund Liboro told The STAR yesterday.
“Under the data privacy law, companies that handle personal sensitive information of the general public should have reported to us 72 hours after learning about the breach,” he added.
Uber chief executive officer Dara Khosrowshahi on Wednesday confirmed to Bloomberg US that a massive data breach happened last year and that it was concealed by its former chief security officer and one of his deputies.
Khosrowshahi said the breach involved the personal data of 50 million users and seven million drivers worldwide.
“While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection,” Khosrowshahi was quoted as saying.
“None of this should have happened, and I will not make excuses for it,” he added.
In a statement, the NPC said Uber must comply with Philippine data privacy and protection laws as it processes Filipino end user data.
“To this end, we have summoned Uber to a meeting… to shed more light about the incident and to comply with the formal breach notification procedure as provided by the Data Privacy Act of 2012,” said the privacy body.
“This includes providing the NPC with detailed information on the nature of the breach, the personal data of Filipinos possibly involved, and the measures taken by Uber to address the breach,” it added.