Cebuana Lhuillier has released their official statement confirming the data breach that happened to one of their servers that is used for marketing purposes.
The local pawnshop giant said that personal data of their customers including birth dates, addresses, and sources of income may have been compromised.
It was estimated that over 900,000 Cebuana Lhuillier customers were affected.
Good thing transaction details or information “remain safe and protected” at the company’s main servers.
According to news reports, the breach was detected January 15. However, the illegal downloads happened on Aug. 5, 8, and 12 of last year.
The incident has been reported to National Privacy Commission (NPC) for investigation
Emails were also sent out to affected customers advising customers.
“On January 15, 2019, we detected attempts to use one of our email servers as a relay to send out spam to other domains,”
“Follow-up investigation resulted in the discovery of unauthorized downloading of contact lists used as recipients for email campaigns. These unauthorized downloads took place on August 5, 8, and 12, 2018,
“change the passwords of all user accounts in which personal information details or portions of it are used as passwords.”
“Do not use the same password across multiple accounts. Use strong passwords. Change passwords regularly,” the email stated.