The National Privacy Commission vowed to make all the necessary steps to help online stock broker COL Financial Group Inc. resolve a potential data breach to its system.
Privacy Commissioner Raymund Liboro said the commission received a notification from COL Financial on Oct. 20, informing them that a breach might have occurred.
“We note that this notification has adhered to standard breach reporting protocols set forth in NPC Circular 16-03, on Personal Data Breach Management,” he said.
The company said in the notification that “sometime in the afternoon of 17 October 2017” it detected “a possible breach” in its system that “may involve some personal client information.”
The company assured the commission that it took immediate measures to address the incident, creating a response team to look into the “likelihood of the threat and probable extent of a data breach, if any.”
Attached to the notification was a preliminary report giving additional details of what the breach response team had done.
The company said it ran an initial vulnerability scan of its website that showed “favorable” results.
It also mentioned the company hiring a third-party group to perform an independent security and vulnerability check of the system.
COL Financial said it was upfront and transparent in handling this incident. This included notification to the commission and the affected data subjects within 72 hours upon knowledge or reasonable belief that a breach has occurred.
The commission it expected to receive from COL Financial a full report on the incident within five days.
“This will aid us to more accurately investigate the incident and decide on our further course of action,” Liboro said.
The commission assured the public especially the clients of COL Financial it was monitoring the incident and would issue new information to all concerned parties as soon as they became available.