#

Maxicare officially notifies NPC of data breach

THE National Privacy Commission (NPC) confirmed on Tuesday that it had received a data breach notification from Maxicare Healthcare Corp. 

In a statement, the regulator said that the NPC Data Breach Notification Management System received a notification from the health maintenance organization on June 16.

The breach was first made public on Tuesday in a Facebook post by a cybersecurity advocacy known as Deep Web Konek. Deep Web Konek estimated the breach as having compromised 33 megabytes of Maxicare data.

Member details included 16-digit Maxicare card numbers, account types, dates of birth, sex, mobile numbers, and e-mail addresses, it said.

Separately, the NPC said that it has not received any data breach notification from the Maritime Industry Authority (Marina) as of Tuesday afternoon.

“As of 2 p.m. today, there has been no notification from Marina. But they have 72 hours upon knowledge of the breach to notify the NPC and their data subjects,” the NPC said.

On June 17, Marina reported attacks on four of its web-based systems and said that it was working with the Department of Information and Communications Technology to address the breach.

Marina said it does not expect the breach to have compromised the data of seafarers, adding that it hopes to restore normal operations as soon as possible.

Two weeks ago, the NPC also reported data breaches at Robinsons Land, Toyota Motors, and the Philippine National Police. It has yet to be officially notified of any data breach involving membership shopping club S&R. — Justine Irish D. Tabile