Here’s what you should do if your customer data is breached online

With the rise of e-commerce platforms and brands making the pivot to be more digital, Filipinos are embracing online shopping. According to 2023 data from Statista, 57% of Filipino respondents have purchased a product or service online. 

However, consumers are left vulnerable as they have to disclose personal information, such as their email address, home address, and mobile phone number, among other pieces of information, to take advantage of these services. In 2024 alone, data breaches had hit multiple companies in the Philippines.

Food chain Jollibee was hit by a data breach in June that affected 11 million people, mostly customers, across its brands including Mang Inasal, Red Ribbon, and Chowking. Among the pieces of information compromised in the breach were birth dates and ID numbers of senior citizens, according to the National Privacy Commission (NPC).

In the same month, the NPC also confirmed data breaches involving data from Toyota between 2016 and 2024, app data from more than 100,000 Robinsons Malls customers, and personal information from Maxicare members through the booking platform of its third-party homecare provider Lab@Home.

Under the Data Privacy Act of 2012, data subjects (customers in this case) have the right to be individually informed by those who handle personal information within 72 hours “upon knowledge of or reasonable belief that a personal data breach has occurred.”

The notification should include details of the data breach, instructions on how customers will get further information, recommendations to minimize risk, and how to secure any form of assistance. 

Customer data breaches can happen to any of us. So, we collated tips from cybersecurity companies McAfee and Norton, and the non-profit organization National Cybersecurity Alliance on what you can immediately do if you think you are affected by these incidents. 

Determine what information was stolen

Look into reports by the affected organization and news reports into what kind of information was taken to understand the scope and nature of the breach, especially the type of information that was compromised and its associated risks. Doing so can help you determine if you are vulnerable to cases of fraud and prepare possible strategies to defend against or mitigate the severity of a fraud attempt.

Change your passwords

Immediately change your passwords if you suspect you are affected by a customer data breach. Update your passwords through strong and unique combinations, preferably at least 12 characters long with a mix of uppercase and lowercase letters, numbers, and symbols. Take the time to also update the passwords — setting up unique passwords for each of your sensitive accounts — to help prevent cybercriminals from accessing your other accounts.

Enable multi-factor authentication

If the breached platform offers multi-factor authentication as part of the login process, turn it on. This will add a layer of security beyond your password and prevent hackers from compromising your accounts. These layers can include a login code sent to your mobile number, a facial scan, or verification through another secure app on your device.

Keep an eye on your financial accounts

Regularly monitor your finances, especially bank accounts, for any suspicious activity, unauthorized transactions, or unfamiliar charges. Contact your bank or other financial institutions if there are incidents of unusual transactions on your account.

The National Cybersecurity Alliance, meanwhile, advises customers to use credit cards if possible “because you won’t be liable for fraudulent charges.”

Do not entertain phishing emails or calls

Cybercriminals may attempt to compromise more of your sensitive accounts and data by sending emails, messages, or calls pretending they are a legitimate organization such as a bank to get you to share additional data or click on malicious links. Make sure to verify the legitimacy of the sender or caller by cross-searching email addresses and phone numbers. 

An emerging method to scam people is the use of voice phishing — essentially fraudulent phone calls or voice messages — to trick people into sharing bank account numbers or transferring money. Recently, social media personality Kween Yasmin lost P15,000 after falling for a voice phishing scam. 

Protect yourself online

Just because you have not yet been affected by scams does not mean that you will always be safe from them in the future.

Here are some articles you can read on Rappler to help you stay safe online. 

• Safer internet habits: Essential tips on staying safe when online
• Don’t wait for disaster to strike: Here’s how we can manage online risks

– Rappler.com