NPC orders Wendy’s fastfood joint to report database leak

The National Privacy Commission (NPC) has posted on its website a formal order, dated May 2, obliging Wendy’s Philippines to promptly notify data subjects affected in the breach and wholesale leak of its database last April 23.

The privacy agency said an estimated 82,150 records were exposed in the incident, which included personal details such as names, contact numbers, home addresses, hashed passwords, transaction details, and mode of payment of the company’s customers, loyalty card members, and even job applicants.

“This is the first time the NPC is making public a document of this nature. In due time, however, it shall publish all similar Orders on its official website,” the agency said.

Comment on this post