MANILA -- The National Privacy Commission (NPC) is conducting its investigation on the data breach involving Globe Telecom, which may have put at risk the personal information of 8,851 subscribers.
The incident occurred a few days ago after Globe customers were asked to register on its ‘On the List’ promotion site after they received a text message, saying that they were qualified to avail of tickets to the concert of Korean pop group BlackPink on February 2. They will receive a copy of the form they filled up after their registration.
The users registered their full names, complete addresses, and mobile numbers to the site. Some of them eventually received an e-mail containing the registration details of different subscribers instead of their personal information.
“On Sunday, Globe, through their Data Protection Officer, formally notified us of this incident. Based on their report, the personal data breach occurred due to a system error, potentially affecting 8,851 customers. Our team is still evaluating the incident and verifying the information given to us, following our standard procedure,” Privacy Commissioner Raymund Liboro said in a statement on Tuesday.
For its part, Globe acknowledged that it has sent the wrong confirmation receipt to their subscribers and has taken down the ‘On List’ site to remove access to potential registrants as well as notified all affected prepaid customers of the issue.
“Globe Telecom has rectified the issue with affected customers on sending wrong confirmation receipt to another individual and reported the incident to the National Privacy Commission in compliance with regulatory requirements,” according to Globe Chief Information Security Anton Bonifacio.
“It was just a case of sending the data registration confirmation receipt to the wrong individual and was not sent en masse or as a group of data. It only affected prepaid customers who have registered to the On the List program to avail of concert tickets and other music venues of Globe events,” he added.
The NPC advised those who have been affected to monitor their online and offline accounts for any unusual activity, change passwords and other means of identity verification and be on alert for attempts to obtain their personal data and other online risks.
The privacy watchdog assured that it will provide updates once it has concluded its evaluation. (PNA)
