MANILA – The National Privacy Commission (NPC) is set to investigate the hacking of Cebu Pacific’s GetGo rewards application server which occurred on Thursday.
Cebu Pacific has sent its preliminary notification of an unauthorized breach of its website’s database in compliance with the NPC notification requirement within 72 hours upon discovery of the breach.
“In the notification, the company’s data protection officer (DPO) Randall Evangelista said the extent and nature of the breach is still being determined,” Privacy Commissioner Raymund Liboro said in a media statement on Thursday.
The Privacy Commission has directed the Cebu Pacific’s DPO to assess if there is a need to inform affected data subjects about the breach, along with specific precautions and other measures they may take to protect themselves, after which they must also report to NPC’s complaints and investigation team on Friday.
Meanwhile, NPC media relations officer Joe Vizcarra told the Philippine News Agency that Cebu Pacific is given five days to submit a full report of the hacking incident after the preliminary notification before it conducts a formal investigation.
“In case we determined any significant instances that would warrant an investigation or if they don’t follow breach reporting protocols, then that’s the time we will shift to formal investigation,” Vizcarra said in a text message.
GetGo is CEB’s rewards program, wherein purchases and flights let customers earn points that can be used for flights.
Cebu Pacific temporarily disabled log-ins using GetGo credentials to the carrier’s website and mobile app.
Both the website and mobile app remain secure while the credit card information was not stored on the GetGo server. (PNA)