THE Philippine government has directed Facebook to provide insurance to more than 700,000 Filipinos whose social-media accounts were compromised in a large-scale data breach in September.
The National Privacy Commission (NPC) ordered Facebook to provide identity theft and phishing insurance for Filipino data subjects affected by the September data breach. The attack reportedly compromised the accounts of more than 30 million users worldwide.
If Facebook cannot do so, it can instead establish a help desk for Filipino data subjects on privacy-related matters, located in the country and with a local number, within six months from receipt of the order. It is also instructed to submit a more comprehensive data breach notification report to the NPC, as well as inform its affected users.
Facebook, too, is directed to roll out a program intended to raise the awareness of Filipino users on identity theft and phishing. Last, it is told to provide evidence of compliance with the aforementioned measures.
Identity theft is the fraudulent manipulation and use of a person’s private identifying information frequently utilized in financial scams. Phishing is the fraudulent practice of sending e-mails from ostensibly reputable firms in order to induce individuals to reveal private details, such as credit-card numbers and passwords.
The data breach took place in September and threatened the accounts of more than 30 million Facebook users.
The social-media network addressed the attack by forcibly logging out the affected data subjects. However, in spite of the response, millions of accounts were still compromised one way or the other.
The NPC said an estimated 387,322 Filipino data subjects had their basic profile information compromised. This includes full name, e-mail address and phone number, if it is attached to the account.
Additional basic information of 361,227 Filipino users are potentially obtained by the attackers. Aside from full name, e-mail address and phone number, their recent search queries and accounts they follow, among others, could have been acquired, too.
The third and last bracket of compromised accounts were hit most, as their posts, list of friends, groups they are members of and the names of who they recently talked to might have been obtained, on top of basic profile information. This was the case for about 7,424 Filipino accounts.
“Be that as it may, Facebook contends in its letter dated October 13, 2018, there is no material risk of more extensive harm occurring,” the order read.
“This commission does not agree; the risk of serious harm to Filipino data subjects is more than palpable. The conditions for individual notification are present,” it added.