Consumers: Don’t ask for unnecessary data

DATA BREACH. After Cebuana Lhuillier reported that the personal information of some 900,000 clients was compromised, consumers believe some data that companies ask for are not needed. (SunStar photo / Arni Aclao)

CONSUMERS want remittance firms to simplify money transaction requirements, following the data breach faced by one of the country’s biggest pawnshops.

Zandro Guillo, a nursing educator, said companies should no longer ask for unnecessary personal data.

“Unsay gamit sa birthday to claim money? (What’s the use of requiring birth dates to claim money?) A valid government issued ID, I think, would be enough to prove one’s identity,” said Guillo.

Guillo turns to Cebuana Lhuillier when paying.

“In this age where technology is supposed to give you better privacy protection, it’s scary to know that there are still many possibilities for your personal data to be accessed by some people. Is there any safer way to store our data in the cloud now?” Guillo said.

On Saturday, Cebuana Lhuillier announced that one of its servers fell victim to a data breach that may have compromised the personal information of its more than 900,000 clients.

Information that could have been compromised include birth dates, addresses, and sources of income, the company said in a statement.

“Upon discovery, we immediately coordinated with the National Privacy Commission (NPC) to investigate the matter, and already implemented safety measures to protect the personal data of our clients. We also notified all affected clients and provided them guidance on how to further protect their personal info,” said the PJ Lhuillier Group of Companies (PJLGC) in a statement.

PJLGC is the company behind Cebuano Lhuillier, a financial services provider specializing in pawning, remittance and microinsurance.

Government employee Jonathan Litang expressed frustration about these data breaches, saying that it is high time the NPC compelled both public and private agencies to invest in the upgrade of their cyber security and data privacy systems.

Earlier, the NPC said it would conduct a fact-finding investigation in the supposed data breach in the Philippine passport system.

“The data at stake in the Cebuana Lhuillier breach is enough to steal anyone’s identity. Imagine, you are sending your money from a CL branch and then someone will claim it since the receiver’s identity has been stolen. And, we cannot tell that it only concerns the personal information of the customers,” said Litang, adding that financial reports and other company information may have been compromised, too.

“What concerns me the most is that the Philippines has been vulnerable to these issues and that attacks or breaches are lately becoming recurrent,” he added. Litang also worried that the stolen information may be used by parties with vested interests.

In its official statement posted on its Facebook account, NPC said representatives from Cebuana Lhuiller went to their office on Jan. 18 to seek assistance regarding a data breach involving their email server.

At the meeting, the NPC said the representatives committed to submit a more detailed report regarding the data breach.

“Cebuana Lhuillier informed us that it has engaged the services of a third party information security service provider to handle their mitigation and response to this incident. We await further details as to scope and severity of the breach,” said the NPC.

The agency said the incident is now under investigation.


SunStar website welcomes friendly debate, but comments posted on this site do not necessarily reflect the views of the SunStar management and its affiliates. SunStar reserves the right to delete, reproduce or modify comments posted here without notice. Posts that are inappropriate will automatically be deleted.

Forum rules:

Do not use obscenity. Some words have been banned. Stick to the topic. Do not veer away from the discussion. Be coherent. Do not shout or use CAPITAL LETTERS!