Statement of Privacy Commissioner Raymund Enriquez Liboro on the recent April Fool’s hacking incidents

April 4, 2019 | 4:37 PM GMT+0800 Last Edit: April 4, 2019

1. Beginning 1 April 2019 until yesterday, the National Privacy Commission has gathered reports and claims of alleged hacking incidents of certain websites that may have involved personal data.


2. The incidents include hacking of individual user accounts on Facebook, Twitter, Yahoo, and Wattpad, among others. There were also some websites operated by some private and public organizations that were hit.


3. At least one group of local hackers has claimed ownership of these acts.


4. We expect to learn the details from affected Personal Information Controllers (PICs). Upon discovery of a personal data breach, and upon meeting certain criteria, a PIC has 72 hours to notify the NPC and the affected data subjects of the scope, nature, and extent of the data breach. In any event, appropriate actions should be taken to safeguard data subjects.


5. Under the Data Privacy Act, the failure to timely report a data breach is punishable by up to 5 years imprisonment and a fine of up to 1 million pesos upon conviction. Unauthorized Access or Intentional Breach is punishable by up to 3 years imprisonment and a fine of up to 2 million pesos upon conviction. Likewise, responsible officials of PICs who prove to be negligent in safeguarding personal data may also face imprisonment of up to 6 years and a fine of up to 4 million pesos upon conviction.


6. These hacking incidents are now under investigation.


7. Meantime, data subjects who may have been affected by any these or any similar incidents may call the NPC for complaints at 022342228 (local 114) or email us at [email protected]


# # #