Sa isang pahayag, sinabi ng NPC na kabilang sa mga pinatawag ay mga opisyal ng Taguig City University; Department of Education sa Bacoor City at Calamba City; Province of Bulacan; Philippine Carabao Center; Republic Central Colleges sa Angeles City; anlt Laguna State Polytechnic University.
“This, to explain why they did not notify, within 72 hours of the breach, the NPC nor the affected data subjects, whose personal data were made available for download via links posted on Facebook,” sabi ng NPC.
Idinagdag ng NPC na hanggang kahapon wala pa ring naisusumite ang mga apektadong ahensiya at kompanya kaugnay ng nangyaring hacking.
“As of yesterday, none of the affected organizations were able to issue any data breach notifications whatsoever, as part of their obligations as Personal Information Controllers (PICs) under the Data Privacy Act of 2012. PICs are required to employ organizational, technical, and physical measures to protect personal data,” said Privacy Commissioner Raymund Enriquez Liboro. “This includes the duty to inform data subjects and this Commission if there is a serious data breach,” paliwanag ng NPC.
Idinagdag ng NPC na base sa imbestigasyon, mga sensitibong personal na impormasyon ang nakuha ng mga nasa likod ng hacking. “The National Privacy Commission determined that each of the exposed databases contained sensitive personal information or information that could be used to perpetuate identity fraud; that the exposed data is in the hands of unauthorized persons; and that the exposure of the data raises a real risk of serious harm to the affected data subjects,” ayon pa sa NPC.
Base sa inisyal na pagtaya ng NPC, umabot sa 2,000 katao ang apektado ng hacking. “They include their name, address, phone number, email address, and in some instances, even passwords and school details,” ayon pa sa NPC.