Gokongwei-owned budget carrier Cebu Pacific confirmed Thursday, April 25, that there was an “unauthorized access” in the application server of GetGo, its loyalty rewards program.
In a statement, Cebu Pacific said credit card information was not stored on the server. The breach happened Wednesday night, April 24.
“As a precaution, we have temporarily disabled log-in using GetGo credentials to the cebupacificair.com website and mobile app, both of which remain secure,” the statement said.
The airline said all GetGo online channels have also been temporarily disabled as it continues to investigate the matter.
“We have informed the National Privacy Commission, and are working with them on the investigation,” the company added.
The NPC, on the other hand, confirmed it has already received the notification sent by Cebu Pacific but is still awaiting updates regarding the “extent and nature” of the breach.
“We have instructed the company’s Data Protection Officer (DPO), Randall Evangelista, to also ascertain if there is a need to inform affected data subjects of the breach, along with specific precautions and other measures they may take to protect themselves. We have instructed Evangelista to personally report tomorrow to the NPC complaints and investigation team,” the agency said.