NPC Strongly Warns Against Resharing of PhilHealth Leaked Data

The National Privacy Commission (NPC) stands resolute in our commitment to safeguard your personal data and uphold your privacy rights. Today, we reiterate a critical warning regarding the leaked personal data from the Philippine Health Insurance Corporation (PhilHealth).

It has come to our attention that the personal data exfiltrated from PhilHealth is being shared illicitly. We want to emphasize the gravity of this situation and the severe consequences that await anyone involved in processing, downloading, or sharing this data without legitimate purpose or without authorization.

Under Section 25 of the Data Privacy Act of 2012 (DPA), those found guilty of unauthorized processing of personal information will face penalties that include imprisonment for one to three years and a fine ranging from Php500,000 to Php2,000,000. Unauthorized processing of personal sensitive personal information carries even more substantial penalties: imprisonment for three to six years and a fine ranging from Php500,000 to Php4,000,000.

Sharing such leaked data exposes affected individuals to a range of risks, including identity theft, fraud, extortion, blackmail, and other malicious activities. We urge you, as responsible citizens, to refrain from resharing this data and to promptly report its presence to the relevant authorities, including the NPC and law enforcement agencies.

We also call upon personal information controllers and processors to strengthen their data protection measures. Compliance with the DPA and other relevant laws and regulations is not just essential; it is a collective responsibility to protect the rights and privacy of every Filipino.

For inquiries and real-time updates on this matter, please visit our official website at or contact us directly at [email protected]. Your privacy matters, and NPC is here to protect it.