privacyPH.org/protect

In light of the recent breach at COMELEC involving personal information of 55-million Filipino voters, we're compiling certain measures below that may help mitigate some privacy risks entailed by the incident. Since Filipino voters are generally young, it can take decades before much of the personal information from the breach becomes obsolete and useless to those who may commit fraud using the COMELEC data. Such data include (at least) fullnames, birthdates, birthplaces, addresses, voters' ID numbers, fingerprint hashes as well as (in some cases) passport numbers, tax identification numbers, fullnames of parents, email addresses, physical stats (height, weight). It appears to be, by far, the biggest online privacy breach in world history.


Identity Theft

  • Passport change. If you voted as an OFW, change your passport right away.
  • Commercial services. Identity thieves could sign you up for commercial services or some scams.
  • Redirected bills. Using the data from the leaked COMELEC database, identity thieves could redirect your business or personal addresses before fully using your identity. So watch out if you're no longer receiving your bills.
  • Strange calls or texts. Be wary of calls or SMS messages that could be used to confirm certain information, including the telephone numbers.


See Also


Social Media

  • Placeholder account. If you feel particularly vulnerable to identity theft online but you can't help yourself from using social media, you can open accounts in popular social media as placeholder accounts only. But don't put in accurate personal information. Use hard-to-guess password.
  • Privacy Settings. If you're already on social media, adjust your privacy settings to restrict access to important information and pictures. “Friends of friends” access may no longer cut it. Where appropriate, you may also use inaccurate information as placeholder data.
  • Report. In case a fraudster has already acquired some social media real estate using your identity, report it immediately. How: Facebook, Twitter.

Fraud

  • Eyes on the card. When paying with the use of credit card, don't let it out of your sight where someone could copy (or take a picture of your credit card) details like expiry, CVV, and credit card number.
    * Challenge questions. In online banking and other financial services, change your “challenge questions” to items not involving information about your parents, birthplace, birthdate.
  • Renew docs. Renew government-issued IDs, passports, licenses to help check possible compromised identity.
  • Request history. If it happens you request for certain official documents like birth certificates, marriage certificate, try to inquire also about the history of such requests for your documents from concerned government agencies. See if previous requests were really made by you.
  • Unexpected calls or visits. Be concerned about unexpected calls or visits from those posing as bank agents, insurance reps “verifying” your personal details.
  • Passwords. Passwords that match or resemble data available on the stolen COMELEC database (birth date, names in the family, birthplace, and the like) must be changed. Enable two-factor authentication (if available) for your online accounts.
  • Financials. Using the information from the COMELEC hack, your accounts with financial services (insurance, brokerage, funds, banks) could be vulnerable to "social engineering" aiding financial fraud. Periodically check your personal details with your financial institutions.

Take Action

  • Pwned? At Have I Been Pwned (HIBP), check if the email address you've been using for important online services have been pwned or compromised. If so, you need to dissociate the link immediately by using an alternative email address for such online services. (Tip: Avoid Yahoo Mail and other potentially insecure email services.) But please note, however, that negative results on the HIBP site do NOT guarantee that your accounts have not been compromised.
  • Document. Your right to privacy is stipulated in the Data Privacy Act of 2012. Violations of such right without documentation could hardly be remedied. So document them in great details.
  • Report. File formal complaints or report such violations to

NATIONAL PRIVACY COMMISSION
Office of the President, Jose P. Laurel St.
San Miguel, Manila, Metro Manila, Philippines

E-mail: privacycommissioner@privacy.gov.ph