Privacy Commissioner John Henry Naga’s statement on possible personal data breach in recent BDO hacking

The National Privacy Commission (NPC) is investigating the possible personal data breach involving unauthorized transactions and potential unauthorized processing of personal data resulting from the suspected compromise of multiple BDO Unibank, Inc. (BDO) accounts.

As early as December 11, 2021, the NPC’s Complaints and Investigation Division has commenced the investigation of this serious security incident to determine the full extent of the compromise and any violations of the Data Privacy Act (DPA).

On December 13, 2021, the NPC has issued notices to both BDO and Unionbank to explain, including requiring the banks to furnish additional information, documents, evidence, or witnesses, as may be necessary. NPC has been in constant coordination with both banks in relation to the sua sponte investigation of the security incident.

Under the NPC’s Rules of Procedure, a sua sponte investigation allows the Commission to investigate possible personal data breaches even without a formal complaint from the public or a third party.

The NPC also looks into the relevance of BDO’s 10-year-old system to the alleged security incident and to determine whether sufficient technical, organizational, and physical safeguards were in place to prevent unauthorized disclosure of personal information that may have been contained in the system.

Apart from requiring additional evidence and information, the NPC has ordered BDO and Unionbank to appear for clarificatory conference, on January 4, 2022, to verify and clarify the evidence submitted by the banks in relation to the investigation.

The NPC assures the public that all steps necessary to safeguard the rights of data subjects shall be taken and that the Commission shall exercise the full extent of its powers under the law against any party found to be in violation of the DPA.

The Commission is also coordinating with other government agencies in relation to this security incident.

ATTY. JOHN HENRY D. NAGA
Privacy Commissioner

REPUBLIC OF THE PHILIPPINES

All content is in the public domain unless otherwise stated.

ABOUT GOVPH

Learn more about the Philippine government, its structure, how government works and the officials behind it.

GOV.PH
Open Data Portal
Official Gazette
GOVERNMENT LINKS
Department of Information and Communications Technology
Office of the President
Office of the Vice President
Senate of the Philippines
House of Representatives
Supreme Court
Court of Appeals
Sandiganbayan
NPC PRIVACY NOTICE
CONTACT US

+632 5322 1322

[email protected]