The personal data of 8,851 Globe prepaid subscribers were mistakenly sent out to the wrong people on January 26, 2019, by Globe itself!
These came in the form of an email that included the full name, mailing address, and email address of these users. Globe has already reported the incident to the National Privacy Commission (NTC) prompting the later to conduct an investigation.
Is this a data breach?
The incident is technically a data breach but with a limited scope. The affected subscribers are those that registered to the telco’s “On the List” program where they can avail concert tickets, movie tickets, and other perks.
Once a subscriber registered, a message was sent to his or her email address for confirmation. However, there was a mismatch in the email addresses and a user’s data was sent to a different email address.
While the data was only sent to one individual (basically another victim), there’s no assurance that it won’t be used for phishing attacks or abused in some other method.
Data Privacy Act
According to the Data Privacy Act of 2012, unauthorized disclosure of personal data due to negligence is punishable by one to three years of imprisonment and a fine of half a million Pesos to 1 million Pesos.
The investigation will most likely point to the negligence of several individuals resulting in the incidence.
However, it’s best to know what Globe’s action will be. What safeguards will the telco put in place to prevent a similar mistake in the future? How will they compensate the affected subscribers?