Globe sends customer data to wrong users
Globe has confirmed that it has experienced an issue with their On The List program where they sent the data registration confirmation receipt containing personal information to wrong users.
Reports of the incident were posted on Twitter starting January 25, 2019, where prepaid subscribers who signed-up to Globe’s On The List community received confirmation emails that contains someone else’s personal information including the complete name, prepaid number, email address, and complete address. Customers have raised concerns regarding the privacy of their data.
I received this message from @enjoyGLOBE And registered knowing that its a legit link since it came from them. After that, an email was sent to me with someone else's personal information! This is against the dta privacy act! Hello Globe!?? What the fuck is this??? pic.twitter.com/7VJ400v6yx
— Renny Jr. (@rennyjr0528) January 25, 2019
May nag email din sakin from Globe after ko mag sign up for Blank Pink Concert etc.. and yung email ay from someone else's information. Including his Complete Name, Address, Contact No. This is alarming, imagine all of your personal information being sent to any/everyone.. pic.twitter.com/ECnmAmK9XJ
— Ed Jay Celino (@Jhayejhaye23) January 29, 2019
On January 29, 2019, Globe posted an official statement confirming the incident and said that they have “rectified the issue with affected customers on sending wrong confirmation receipt to another individual.” The telco has also reported the incident to the National Privacy Commission in compliance with regulatory requirements. “It was just a case of sending the data registration confirmation receipt to the wrong individual and was not sent en masse or as a group of data,” said the statement.
According to Globe, it only affected prepaid customers who have registered to the On The List program to avail of concert tickets and other music venues of Globe events. Globe said that about 8,851 customers were affected out of 60 million prepaid customers.
“The On The List registration site was taken down immediately to remove access to potential registrants at the time and we have notified all affected prepaid customers of the issue,” said Globe Chief Information Security Officer Anton Bonifacio.
On January 29, 2019, the National Privacy Commission (NPC) has posted a statement regarding the breach notification by Globe.
According to the NPC, they were notified about the personal data breach on January 27, 2019. Based on Globe’s report, the breach occurred due to a system error. The NPC is now evaluating the incident and verifying the information, following their standard procedure.
Globe’s full statement below:
NPC’s full statement below: