CEBU PACIFIC reported Thursday its GetGo application server was compromised Wednesday night, prompting the company to temporarily shut it down pending an investigation.
In a statement, the budget carrier said it discovered “unauthorized access” in the affected server, but noted credit card information was not stored in it.
“Cebu Pacific confirms that there was an unauthorized access to a GetGo application server last night. This server has been secured… As a precaution, we have temporarily disabled log-in using GetGo credentials to the cebupacificair.com website and mobile app, both of which remain secure,” it said.
The Gokongwei-led company noted it has alerted the National Privacy Commission (NPC) of the matter and is working with the government on the investigation.
GetGo is the lifestyle rewards platform of Cebu Pacific that allows users to earn points when using debit or credit cards.
Privacy Commissioner Raymund E. Liboro said in a statement the NPC is already working with the data protection officer (DPO) of Cebu Pacific.
“[W]e have instructed (the DPO) to…ascertain if there is a need to inform affected data subjects of the breach, along with specific precautions and other measures they may take to protect themselves,” it said.
The NPC said it was informed of the breach Thursday morning, where Cebu Pacific said the “extent and nature” of the breach was still being determined.
“We have instructed (the DPO) to personally report tomorrow to the NPC complaints and investigation team. The NPC shall issue public updates on the incident as they become available,” it added. — Denise A. Valdez