The National Privacy Commission (NPC) announced that it will be conducting an investigation into into a possible info leak at the Land Transportation Office (LTO).
NPC released the statement via Viber chat group, saying that it will investigate lisensya.info, a website that allegedly associated itself with the LTO, to determine whether there was a leak of personal information of registered motorists.
Privacy Commissioner Raymund E. Liboro stated: “The NPC shall verify the incident and look into the extent of possible harm on LTO’s data subjects to determine how to best resolve the situation.”
According to Liboro, LTO’s Data Protection Officer (DPO) has just filed its initial breach notification report with the NPC on November 10, 2020. He said: “NPC is coordinating with the Data Protection Officer (DPO) of the LTO for us to be provided with more details of the incident.”
The LTO made a Facebook post last week criticizing lisensya.info for using the its logo on the website to mislead people into thinking it is affiliated with the government agency. In addition to this, the LTO asked people not to give personal information to unverified links and accounts.
Possible data breach at LTO
Despite LTO’s warning, some netizens pointed out that the info provided by lisensya.info were accurate, raising concerns that the LTO database may have been compromised since these are the types of information the agency collects from motorists during registration.
In initial investigations, the NPC found that the site has neither a privacy notice nor any contact details of its owner. As of today, people can still access lisensya.info while LTO’s website lto.net.ph, which provides info on the status of license plate availability, remains down.
Additionally, the NPC mentioned that in 2019, a total of 12.725 million vehicles were registered with the LTO. However, prior to the deactivation of lto.net.ph, it has only collected 9,732 driver’s license details and 18,701 MV File Numbers.