Philippine Management Company Email Server Breached

2019, Breaches, January

Who: Cebuana Lhuillier

No. of Accounts Breached: Over 900,000

What was affected: Clients’ names, birth dates, email addresses, mobile numbers and in some cases, income information

When it happened: August 5, 8, and 12, 2018.

How it happened: “On January 15, 2019, we detected attempts to use one of our email servers as a relay to send out spam to other domains,” the notice read. “Follow-up investigation resulted in the discovery of unauthorized downloading of contact lists used as recipients for email campaigns. These unauthorized downloads took place on August 5, 8, and 12, 2018,” it said.

Outcome: Cebuana Lhuillier said it has disconnected the affected server from the network and reported the breach to the National Privacy Commission. It advised its customers to “change the passwords of all user accounts in which personal information details or portions of it are used as passwords.”