MANILA, Philippines — Pawnshop chain Cebuana Lhuillier on Saturday said it discovered a data breach that affected personal information of around 900,000 clients.
In a statement, the parent company of Cebuana Lhuillier said its email server used for “marketing purposes” was hit by the breach.
Compromised information included customers’ birthdays, addresses and source of income, the micro-financial company disclosed.
Transaction details and the company’s main servers “remain safe and protected,” Cebuana Lhuillier said, adding that it immediately reported the incident to the National Privacy Commission and notified all the affected clients.
“We are committed to ensuring the data privacy of our clients and adhere to strict security protocols in protecting our interests,” the company said.
“We will provide additional information regarding the incident as soon as it becomes available,” it added.
The country’s privacy body has yet to issue a statement on the data breach.
Cebuana Lhuillier is one of the leading and largest non-bank financial services providers in the Philippines with close to 2,500 branches nationwide. — Ian Nicolas Cigaral