Online reports have emerged that Filipino telecoms Globe Telecom Inc. has experienced a widespread data blunder.
The major telecoms provider has allegedly leaked customer’s private details to fellow customers via email. The firm, one of the most popular in the Philippines, has around 60 million customers.
On Friday, January 28, a string of complaints began appearing on Globe’s #talktoglobe Twitter hashtag. According to furious customers, Globe mistakenly sent out their personal registration details to other customers via email. Customers first realized something was wrong when they received an email containing somebody else’s personal account details.
One globe customer going by the Twitter handle @rennyjr0528 said:
“I received this message from @enjoyGLOBE And registered knowing that its a legit link since it came from them. After that, an email was sent to me with someone else's personal information! This is against the data privacy act! Hello Globe!?? What the **** is this???”
The trouble started when Globe customers were given the opportunity to enter a promotion to win tickets to see all-girl K-Pop band BlackPink. When they filled out their registration details, Globe customers received an email containing somebody else’s personal information.
Rather than an isolated incident, a number of customers on Twitter all reported the same thing. One Globe customer called Jeff Clifford Cruz told ProPrivacy.com that:
“This telco sent us a promotion via text that we need to register to their website to qualify. So those people who received the text went to the website and registered, and after registering, the website provided us the confirmation number and they will contact us within 3 business days. What happened after that, they sent a copy of our registration details to a different user’s email address.”
Cruz, who goes by the Twitter handle @fordcanhandleit, told ProPrivacy.com that he was alarmed by the experience:
“Our full details are there on email, and it’s alarming.”
The information leaked about users includes their names, full postal addresses, and mobile numbers.
Pulling together in the name of privacy
Following the spread of the emails, Globe customers others to respect their privacy by not sharing the emails. One customer going by the handle @kaiko0424 took to Twitter with the following advice:
“In case you received other Globe prepaid customer's details, please do not screenshot and post it on twitter. Let us help each other protect our Personal Data!!! #OnTheList @talk2GLOBE DO SOMETHING!!!”
Silence from Globe
Most troubling about the data leak, is the lack of response from Globe. Following the surge of accusations on Twitter, we were unable to find any information from the telecom company either apologizing or advising customers what they should do.
In the Philippines, consumers are protected by the Data Privacy Act of 2012. That legislation sets out strict guidelines informing data controllers about how people’s data can be processed. This includes strict prohibitions on who data controllers can share people’s data with.
Mr. Cruz believes that Globe should face fines for what it has done:
“@EnjoyGLOBE and @ talk2GLOBE should also be fine for their Data Privacy Breach as it happened to Google recently. #DataPrivacyBreach.”
For now, consumers affected by the Globe privacy breach are advised to contact the Philippines National Privacy Commission to register an official complaint.
Consumers who received somebody else’s data in an email are advised to refrain from sharing the email and to delete it at once. No copies of the email should be made, and no screenshots taken in order to minimize the impact of the damage done by Globe as much as possible.
ProPrivacy.com contacted Globe to find out how many customers were affected by the data breach, but at the time of writing, they had not responded.
Update 29/01/2019. Globe Telecom has responded to our request for comment:
"Globe Telecom has rectified the issue with affected customers on sending wrong confirmation receipt to another individual and reported the incident to the National Privacy Commission in compliance with regulatory requirements. It was just a case of sending the data registration confirmation receipt to the wrong individual and was not sent en masse or as a group of data. It only affected prepaid customers who have registered to the On The List program to avail of concert tickets and other music venues of Globe events. About 8,851 customers were affected out of 60 million prepaid customers."
Globe customers are being warned to watch out for irregular activity on their accounts. In addition, victims of the data beach are warned to watch out for phishing attempts. Any phone calls, text messages, or emails purporting to be from Globe representatives should be handled with extreme caution. Affected customers must ensure they don't hand out their personal data, login details - or other sensitive data - to anybody that contacts them. Instead, customers should make contact with Globe directly to ensure they are communicating with Globe and not a hacker.
If this story has encouraged you to take your online privacy more seriously, using a VPN is a great place to start. Take a look at our best VPN page for a list of the best services in 2019.