Cebuana Lhuillier said Saturday some 900,000 clients might have been affected by a breach that might have compromised their personal data, prompting the National Privacy Commission to launch an investigation.
The local pawnshop, in a statement, said the data compromised might include birth dates, addresses, and sources of income.
But it gave assurances that transaction details or information were not compromised and the pawnshop’s main servers “remain safe and protected.”
The pawnshop had previously said attempts to use one of its servers were detected last Jan. 15 but that unauthorized downloads from its servers took place on Aug. 5, 8, and 12 of last year.
It said affected clients had been notified and the data breach had been reported to the NPC, adding “We are committed to ensuring the data privacy of our clients and adhere to strict security protocols in protecting our interests.”
“We will provide additional information regarding the incident as soon as it becomes available,” it added.
NPC Commissioner Raymund Liboro said representatives from Cebuana Lhuillier went to the NPC on Jan. 19 to seek assistance regarding a data breach involving their email server.
“At the meeting, they committed to submit a more detailed report regarding the data breach,” he said.