Cebuana Lhuillier, a Philippine financial service provider, said on Saturday that the data of 900,000 clients had been accessed without authorisation and that it had already alerted authorities to investigate the incident.
The breach came as Philippine investigators were looking into allegations by the country’s foreign minister last week that a privately contracted firm took away documents and data from the Department of Foreign Affair’s passport database, reports Reuters.
Cebuana Lhuillier, whose services include pawning, remittance, micro insurance, and business to business micro loan solutions, said some information like birthdays, addresses and sources of income, were affected in the breach involving an email server used for marketing.
“It’s just a very small portion of our clientele. The main server containing all clients of Cebuana Lhuillier remains protected and uncompromised”, said Richard Villaseran, the company’s corporate communications division head.
He added the company’s clients had been advised how to further protect their personal information.