The National Privacy Commission (NPC) is investigating the possible personal data breach involving unauthorized transactions and potential unauthorized processing of personal data resulting from the suspected compromise of multiple BDO Unibank Inc. (BDO) accounts, according to privacy commissioner John Henry Naga.
In a statement, Naga said the NPC also looks into the relevance of BDO’s 10-year-old system to the alleged security incident and to determine whether or not sufficient technical, organizational, and physical safeguards were in place to prevent unauthorized disclosure of personal information that may have been contained in the system.
NPC said as early as Dec. 11, 2021, the NPC’s Complaints and Investigation Division has commenced the investigation of “this serious security incident” to determine the full extent of the compromise and any violations of the Data Privacy Act (DPA).
On December 13, the NPC has issued notices to both BDO and Unionbank to explain, including requiring the banks to furnish additional information, documents, evidence, or witnesses, as may be necessary.
NPC has been in constant coordination with both banks in relation to the sua sponte investigation of the security incident.
