News
NPC probes possible data breach in BDO hacking incident
MANILA – The National Privacy Commission (NPC) is looking into a possible personal data breach involving unauthorized transactions that siphoned money off hundreds of BDO Unibank (BDO) depositors.
In a statement on Wednesday, NPC Commissioner John Henry Naga said the NPC’s Complaints and Investigation Division has begun an investigation as early as December 11 and has issued notices to both BDO and Unionbank to provide information, documents, evidence, or witnesses.
“(The) NPC has been in constant coordination with both banks in relation to the ‘sua sponte’ investigation of the security incident,” Naga said.
The commission, he said, is also looking into BDO’s “10-year-old system” and whether sufficient “technical, organizational, and physical safeguards” were in place.
“Apart from requiring additional evidence and information, the NPC has ordered BDO and Unionbank to appear for a clarificatory conference, on Jan. 4, 2022, to verify and clarify the evidence submitted by the banks in relation to the investigation,” Naga said.
He said the NPC is also working with other government agencies on its investigation of the security incident.
“The NPC assures the public that all steps necessary to safeguard the rights of data subjects shall be taken and that the commission shall exercise the full extent of its powers under the law against any party found to be in violation of the DPA (Data Privacy Act),” Naga said.
Earlier, the Bangko Sentral ng Pilipinas (BSP) said the suspected hackers of the compromised BDO accounts have been identified, with two to four individuals suspected to be behind ‘Mark Nagoyo’ and at least six persons of interest.
BDO said it is processing the reimbursement of nearly 700 clients affected by these fraudulent transactions.