According to the report, Globe mistakenly sent out customers’ personal registration details to other customers via email. As a string of complaints began to appear on Globe’s #TalkToGlobe Twitter hashtag, many concerned customers are now voicing out their thoughts against Globe and its practices that might have violated Philippines’ Data Privacy Act of 2012, which sets out strict guidelines informing data controllers about how people’s data can be processed. This includes strict prohibitions on who data controllers can share people’s data with.
Here’s one of the text message that customer @rennyjr0528 received from Globe:
I received this message from @enjoyGLOBE And registered knowing that its a legit link since it came from them. After that, an email was sent to me with someone else’s personal information! This is against the dta privacy act! Hello Globe!?? What the fuck is this??? pic.twitter.com/7VJ400v6yx
— Renny Jr. (@rennyjr0528) January 25, 2019
As we dig up on the report, we found out that this could have started when Globe ran a promotion to win tickets for K-Pop girl group BLACKPINK’s concert in Manila this February 2. Upon filling out their personal information on the registration link provided thru SMS, Globe customers received an email – which apparently contained someone else’s personal information.
Not an isolated incident
One Globe customer named Jeff Clifford Cruz told BestVPN.com:
“This telco sent us a promotion via text that we need to register to their website to qualify. So those people who received the text went to the website and registered, and after registering, the website provided us the confirmation number and they will contact us within 3 business days. What happened after that, they sent a copy of our registration details to a different user’s email address.”
And another customer named Jeff Clifford Cruz with the handle @fordcanhandleit, also told the site that:
“Our full details are there on email, and it’s alarming.”
The information sent, according to these people, includes full names, full postal address and even their mobile numbers.
Globe customers are now voicing out to other customers who received their information to please not share the emails and their personal information.
One customer going by the handle @kaiko0424 took to Twitter with the following advice:
“In case you received other Globe prepaid customer’s details, please do not screenshot and post it on twitter. Let us help each other protect our Personal Data!!! #OnTheList @talk2GLOBE DO SOMETHING!!!”
Lack of response from Globe worries customers more
Meanwhile, Globe’s seemingly lack of response from the incident is bothering its customers’ mind more. On its @talk2GLOBE Twitter account, where customer support is active, there are many tweets regarding the matter and yet Globe is only responding on them thru direct messages.
Consumers affected by the Globe privacy breach are advised to contact the National Privacy Commission to report an official complaint.
Consumers who received somebody else’s data in an email are advised to refrain from sharing the email and to delete it at once. No copies of the email should be made, and no screenshots taken in order to minimize the impact of the damage done by Globe as much as possible.
Revealed has reached out to Globe for this issue, and will update this article once we received a proper response.
UPDATE (14:20, 29 January 2019): National Privacy Commission has issued a statement dated January 29 that Globe has notified the commission regarding the incident. According to commissioner Raymund Liboro, the data breach has potentially affected 8851 customers, and has advised those who may have been affected to monitor their online and offline accounts for any unusual activity and change their passwords and other means of identity verification.
UPDATE ON 09:25, 2019 January 30: Globe, through its Globe ICON Facebook page, released their official statement regarding the data breach issue.
Globe Telecom has rectified the issue with affected customers on sending wrong confirmation receipt to another individual and reported the incident to the National Privacy Commission in compliance with regulatory requirements. It was just a case of sending the data registration confirmation receipt to the wrong individual and was not sent en masse or as a group of data. It only affected prepaid customers who have registered to the On The List program to avail of concert tickets and other music venues of Globe events. About 8,851 customers were affected out of 60 million prepaid customers. Globe Chief Information Security Officer Anton Bonifacio said: “The On The List registration site was taken down immediately to remove access to potential registrants at the time and we have notified all affected prepaid customers of the issue.”