Latest Statement of Privacy Commissioner Raymund Enriquez Liboro on the Uber Personal Data Breach

  1. Today, Uber made public additional information earlier made available to us on their 2016 data breach. We were informed that around 171,000 Filipino citizens consisting of drivers and passengers were affected by the breach. We understand this to be based on the mobile phone numbers included in the registry. We were also informed that the exposure of the affected data subjects was limited to their registered name, e-mail address, and phone number.
  2. We are looking now at the processes and procedures that Uber claims they have taken to ensure that this matter never happens again. We are paying particular attention to the steps taken to ensure that in the future, data breaches of this magnitude will not be concealed from regulators and from affected data subjects.
  3. In line with this, we have summoned them to appear before the Commission to further explain their data processing operations particularly the organizational, technical and physical security measures Uber Philippines is implementing to protect Filipino drivers and riders.
  4. We remind the public that the concealment of data breaches that involve sensitive personal information or data is a criminal offense.
  5. We have received reports of irregular processing following the report of the breach, but we are still investigating these claims and their link to the 2016 data breach incident. As usual, we expect full cooperation from Uber on these matters.