For full functionality of this page, it is necessary to enable JavaScript. Here are instructions on how to enable JavaScript in your browser.
Global News Local News Tech

Uber’s concealment of data breach could led to imprisonment, fine -NPC


Uber Philippines may face another penalty after its headquarters in the United States failed to immediately disclose the data breach last year.

This was according to Raymund Liboro, commissioner of the National Privacy Commission (NPC), the Philippines’ independent body that ensures the country’s compliance to data protection standards.

Dara Khosrowshahi, Uber’s newest CEO, disclosed on Nov. 21 that Uber was hacked last year in October, affecting personal data of 57 million users and 600,000 drivers around the world.

The NPC immediately called Uber Philippines to give more details on the incident and it was confirmed that Filipinos were among the users whose personal data were stolen.


Unfortunately, the ride-sharing company was not able to give the “level of detail that we expect from personal information controllers about data breach notifications, such as the actual number of Filipinos affected, and the scope of their exposure,” the NPC said.

When the hack happened last year, Uber did not inform regulators and authorities right away. They instead paid hackers $100,000 to delete the stolen data and kept the incident for a year.

“Under the Privacy Law, the minimum penalty for concealment of breach is about 1 1/2 to 5 years imprisonment and at least P1 million in fine,” Liboro said in a press briefing Tuesday, via a report by the Manila Standard.

Despite Uber having its main headquarters in the U.S., the NPC believes the issue is still under their jurisdiction because it involves Filipinos.

“By virtue of its operations and processing of Filipino end user data, Uber is considered a Personal Information Controller and must comply with Philippine data privacy and protection laws,” Liboro said on Nov. 22.

The Land Transportation Franchising and Regulatory Board (LTFB) is also doing their own investigation on the data breach. Aileen Lizada, an LTFRB board member, said they will be calling Uber to listen to their side.

“The Board will be calling Uber’s attention on the matter of its alleged admission on the breach of data privacy and will conduct its own investigation,” Lizada said.

“The board needs to hear Uber’s side to allow us to judiciously resolve the matter.”

In August, the LTFRB suspended Uber’s operation after finding out that Uber violated a July 26 order to stop accepting applications for accreditation of transport network vehicle services (TNVS).

Grab was included in the order, but Uber activated three vehicles the next day, Aileen Lizada said in an interview with CNN Philippines.

Uber was asked to pay a fine of P190 million as an exchange for lifting the suspension.


Sign-up for our newsletter!

Sign-up today and receive weekly content for free!
Email address

Just a little favor

Help us deliver news that is accurate, balanced, and clear by rating our posts. Feel free to make honest-to-goodness ratings (from 1=lowest to 5=highest) or give some quick comments and suggestions. Thanks a lot!

No ratings yet.

For comments and suggestions, please fill up this short Google form.

About the author

Martin Suan

Martin is a licensed Math Teacher, earning his degree in 2009. His writing career began when he worked for a New York-based online publication as a tech journalist. He then became an Editor for an International Business Times subsidiary and was promoted to Managing Editor in six months. He loves to do long drives on weekends due to its soothing effect on his entire being :D. Address: Kalibo, Aklan || Email:

Do NOT follow this link or you will be banned from the site!