Cebuana Lhuillier reports nationwide data breach

Financial firm Cebuana Lhuillier, known nationwide for its remittance services, reportedly suffered a nationwide data breach, which put at risk all the personal data of its thousands of customers.

This occurred days after another major data breach supposedly took place at the Department of Foreign Affairs (DFA), which raised concerns about possible identity theft and that personal data taken from the agency may be used to manipulate the automated 2019 senatorial polls.

Saturday (January 19) morning, Cebuana Lhuillier’s Data Privacy Officer sent a “notice” to all its clients via email, informing them of the data breach.

Data at stake could include its customers’ personal information including name, birth date, email address, mobile number, and in some cases, and income information.

“We are writing to inform you of a security incident which may have affected your personal data stored in one of our email marketing tool servers,” the company told its customers.

The company said it detected on January 15 attempts to use one of its email servers as a relay to send out spam to other domains.

“Follow-up investigation resulted in the discovery of unauthorized downloading of contact lists used as recipients for email campaigns. These unauthorized downloads took place on August 5, 8, and 12, 2018,” Cebuana Lhuillier said.

“Upon discovery, remedial actions were taken to reduce the harm. The server was immediately disconnected from the network after confirmation of breach,” it added.

The incident has already been reported to the National Privacy Commission.

Right now, Cebuana Lhuillier has 2,500 branches nationwide. It operates businesses dealing with financial services such as pawning, remittance, microinsurance, and business-to-business micro loan solutions. (Manila Bulletin)