The privacy body said a certain hacker under the name “creepxploit” is selling the personal data of 3.3 million users of Cashalo containing their usernames, passwords, e-mail addresses, phone numbers, and device identifications.
Online lending firm Cashalo issued a statement on Saturday, Feb. 20, saying its “IT security team discovered a potential data security incident involving a Cashalo-only database archive”.
According to a discussion thread in the Facebook page of Privacy.PH, the personal data being peddled at the dark Web appears to be legitimate although Cashalo has not yet submitted any breach incident report to the NPC.
In what is believed to be the first case of a local firm found violating the data privacy law, the National Privacy Commission (NPC) has recommended the criminal prosecution of Fynamics Lending Inc., the operator of the PondoPeso online lending application that was the subject of numerous data privacy complaints.
The NPC said a strict social media policy entails prohibiting teachers and other school personnel from using personal data collected in an official capacity or during an official school activity for personal purposes.
The measure, authored by House deputy speaker Michael Romero and ICT committee chair Victor Yap, seeks to address the data privacy challenges and cross-border data processing concerns in the country.
The National Association of Data Protection Officers of the Philippines (NADPOP) will train Filipino micro- small- and medium-sized enterprises (MSMEs) that are members of the BounceBack PH (BBPH) movement on data privacy and protection fundamentals to help them manage the privacy of their customers online and offline.
Governments and their lists can be very dangerous. History has shown us that. If data protection offers neither refuge nor relief from them, then everything it is supposed to stand for would simply ring hollow.
WhatsApp is set to change its privacy policy in a way that would allow the sharing of data with third-party companies hosted by its parent firm Facebook, the NPC said.
The NPC ordered online lender Familyhan to immediately take down its master database online to prevent more people from gaining unauthorized access to it.
