Over 900k Cebuana Lhuillier customers affected in new data breach

Cebuana Lhuillier has announced that its customer base had been breached, affecting accounts in the process.

The notice has been sent just awhile ago to all customers who are subscribed to their emails, including this author. “We are writing to inform you of a security incident which may have affected your personal data stored in one of our email marketing tool servers,” the letter first read. “On January 15, 2019, we detected attempts to use one of our email servers as a relay to send out spam to other domains.   Follow-up investigation resulted in the discovery of unauthorized downloading of contact lists used as recipients for email campaigns.  These unauthorized downloads took place on August 5, 8, and 12, 2018.”

Cebuana disclosed to YugaTech that over 900,000 accounts were compromised, data of which included birthdays, addresses, and source of income.

The preventive steps were already taken upon discovery of the incident, according to the company. “Upon discovery, remedial actions were taken to reduce the harm. The server was immediately disconnected from the network after confirmation of breach. The incident was likewise reported to the National Privacy Commission,” it said.

The company assures that no transaction records or information were affected by the breach, but still recommends its users to change passwords in all accounts immediately, do not put the same password in all accounts, and be cautious in providing sensitive personal information to other parties. For any inquiries, you may contact Cebuana Lhuillier’s Data Protection Officer thru the email [email protected] or via SMS-only numbers at 09188122737 or 09178122737.

Updated 2:30pm