Cebuana Lhuillier Reports Data Breach Incident

Personal data like names, birth dates are compromised

While data breaches normally happen in other countries, this new incident involving Cebuana Lhuillier proves that even the Philippines is vulnerable to such.

In an email sent today, Cebuana Lhuillier said that they detected attempts to use one of our email servers as a relay to send out spam to other domains on January 15. Upon further investigation, Cebuana Lhuillier found out that there were prior incidents of unauthorized access, which took place on August 5, 8, and 12, 2018.

Compromised data include clients’ names, birth dates, email addresses, mobile numbers. In some cases, even income information was compromised as well. Cebuana Lhuillier did not disclose how many accounts were affected by the incident, but they said that “it has disconnected the affected server from the network and reported the breach to the National Privacy Commission.”

Following the incident, Cebuana Lhuillier advised its customers to change the passwords of all user accounts. For any inquiries, you may contact Cebuana Lhuillier’s Data Protection Officer thru the email emailprivacy@pjlhuillier.com or via SMS-only numbers at 09188122737 or 09178122737.

UPDATE: Cebuana Lhuillier has issued a statement, stating that over 900,000 accounts were affected by the breach.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button