DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Ph: Privacy Commission summons operators of website that exposed car owners’ personal data

Posted on January 16, 2021 by Dissent

There’s an update to a data leak situation previously noted on this site. It’s always interesting to me to see how other countries handle privacy violations or data leaks. It looks like the NPC has the authority — and uses it — to order ISPs to block access to problematic web sites that violate privacy.

From the web site of the National Privacy Commission of the Philippines.

January 11 – The National Privacy Commission (NPC) is extending the cease-and-desist order (CDO) on lisensya.info following the failure of its owners and operators to counter privacy violation allegations the Commission received late last year that the website had breached personal information of Land Transportation Office (LTO)-registered motorists.

Google Safe Browsing recently detected phishing activities on lisensya.info.

The CDO was first served on Nov. 12 against respondents Jose Minao and Billy James Jimena, the website’s owners and operators, who were given until Nov. 22, 2020 to file a comment on the allegations and to present their defense, as provided by Section 12 of NPC Circular No. 20-02 or the “Rules on the Issuance of Cease and Desist Order.”

Lisensya.info provided a “Motor Vehicle Authenticator,” which, through the mere input of the motor vehicle file number by anyone, would show sensitive information, such as the make, plate number, engine number, chassis number, registration expiry date and name of the owner.

Netizens claimed the data the site provided were accurate, raising suspicions of a leak in LTO’s database as these were the types of information the LTO was collecting from motorists for registration. A total of 12.725 million vehicles were registered with the LTO in 2019.

Based on results of NPC’s initial investigation, lisensya.info had neither a privacy notice nor any contact details of its owner.

Lisensya.info associated itself with the LTO, but the agency assailed it for using the LTO logo on its website to establish a false connection with the transportation office.

“Ang lisensya.info website ay HINDI pinapatakbo o konektado sa ahensya ng LTO,” the transportation agency’s post on its verified Facebook page read. “Para sa kaligtasan ng lahat, huwag po tayong magbigay ng SENSITIBONG IMPORMASYON sa UNVERIFIED links o accounts.”

[Google translation of above:  “The lisensya.info website is NOT operated or connected to the LTO agency,” the transportation agency’s post on its verified Facebook page read. “For the safety of all, please do not provide SENSITIVE INFORMATION on UNVERIFIED links or accounts.”]

Since the CDO was first served to lisensya.info, the website is no longer easily accessible to the public.

Other developments:

  1. The NTC issued a memorandum dated Nov. 16, 2020 directing Internet Service Providers (ISPs) to block access to lisensya.info. The memorandum was sent through electronic mail to various ISPs on Nov. 20 and 23, 2020. The Commission directed the ISPs to submit a report on their actions within five days from receipt of the memorandum.In a letter addressed to the NPC dated Dec. 21, 2020, the National Telecommunications Commission said that several ISPs, including PLDT, Smart Communications, Dito Telecommunity, InfiniVAN, Pipol Broadband and Telecommunications Corp., Philippine Telegraph & Telephone Corp., Apo Associated Radio Electronics & Communications Co., and Kabayan Cable TV Systems, had reported that lisensya.info “has already been blocked and will no longer be accessed by their subscribers.”
  2. As of Nov. 24, 2020, lisensya.info had already been flagged by Google and Firefox. Upon accessing the site through Google Chrome, users can see a security warning saying that Google Safe Browsing recently detected phishing activities on lisensya.info. Users, who choose to proceed accessing the website despite the security warning, will be directed to a YouTube video. The same happens when users use browsers without a security warning. Some users, upon accessing the website, are directed to a statement saying “lisensya.info’s server IP address could not be found.”

The CDO on lisensya.info and the Order extending the same are available on the NPC website, privacy.gov.ph.

As of this morning, the warning is still up if you try to access lisensya.info via Chrome:

Google warns you about lisensya.info

Category: Business SectorExposureNon-U.S.

Post navigation

← Hy-Vee agrees to settle the class action lawsuit over payment card data breach
Cybercriminals are Bypassing Multi-factor Authentication to Access Organisation’s Cloud Services →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Education giant Pearson hit by cyberattack exposing customer data
  • Star Health hacker claims sending bullets, threats to top executives: Reports
  • Nova Scotia Power hit by cyberattack, critical infrastructure targeted, no outages reported
  • Georgia hospital defeats data-tracking lawsuit
  • 60K BTC Wallets Tied to LockBit Ransomware Gang Leaked
  • UK: Legal Aid Agency hit by cyber security incident
  • Public notice for individuals affected by an information security breach in the Social Services, Health Care and Rescue Services Division of Helsinki
  • PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway (3)
  • Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines
  • Call for Public Input: Essential Cybersecurity Protections for K-12 Schools (2025-26 SY)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Apple Siri Eavesdropping Payout Deadline Confirmed—How To Make A Claim
  • Privacy matters to Canadians – Privacy Commissioner of Canada marks Privacy Awareness Week with release of latest survey results
  • Missouri Clinic Must Give State AG Minor Trans Care Information
  • Georgia hospital defeats data-tracking lawsuit
  • No Postal Service Data Sharing to Deport Immigrants
  • DOGE aims to pool federal data, putting personal information at risk
  • Privacy concerns swirl around HHS plan to build Medicare, Medicaid database on autism

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.