DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Ph: Privacy Commission summons operators of website that exposed car owners’ personal data

Posted on January 16, 2021 by Dissent

There’s an update to a data leak situation previously noted on this site. It’s always interesting to me to see how other countries handle privacy violations or data leaks. It looks like the NPC has the authority — and uses it — to order ISPs to block access to problematic web sites that violate privacy.

From the web site of the National Privacy Commission of the Philippines.

January 11 – The National Privacy Commission (NPC) is extending the cease-and-desist order (CDO) on lisensya.info following the failure of its owners and operators to counter privacy violation allegations the Commission received late last year that the website had breached personal information of Land Transportation Office (LTO)-registered motorists.

Google Safe Browsing recently detected phishing activities on lisensya.info.

The CDO was first served on Nov. 12 against respondents Jose Minao and Billy James Jimena, the website’s owners and operators, who were given until Nov. 22, 2020 to file a comment on the allegations and to present their defense, as provided by Section 12 of NPC Circular No. 20-02 or the “Rules on the Issuance of Cease and Desist Order.”

Lisensya.info provided a “Motor Vehicle Authenticator,” which, through the mere input of the motor vehicle file number by anyone, would show sensitive information, such as the make, plate number, engine number, chassis number, registration expiry date and name of the owner.

Netizens claimed the data the site provided were accurate, raising suspicions of a leak in LTO’s database as these were the types of information the LTO was collecting from motorists for registration. A total of 12.725 million vehicles were registered with the LTO in 2019.

Based on results of NPC’s initial investigation, lisensya.info had neither a privacy notice nor any contact details of its owner.

Lisensya.info associated itself with the LTO, but the agency assailed it for using the LTO logo on its website to establish a false connection with the transportation office.

“Ang lisensya.info website ay HINDI pinapatakbo o konektado sa ahensya ng LTO,” the transportation agency’s post on its verified Facebook page read. “Para sa kaligtasan ng lahat, huwag po tayong magbigay ng SENSITIBONG IMPORMASYON sa UNVERIFIED links o accounts.”

[Google translation of above:  “The lisensya.info website is NOT operated or connected to the LTO agency,” the transportation agency’s post on its verified Facebook page read. “For the safety of all, please do not provide SENSITIVE INFORMATION on UNVERIFIED links or accounts.”]

Since the CDO was first served to lisensya.info, the website is no longer easily accessible to the public.

Other developments:

  1. The NTC issued a memorandum dated Nov. 16, 2020 directing Internet Service Providers (ISPs) to block access to lisensya.info. The memorandum was sent through electronic mail to various ISPs on Nov. 20 and 23, 2020. The Commission directed the ISPs to submit a report on their actions within five days from receipt of the memorandum.In a letter addressed to the NPC dated Dec. 21, 2020, the National Telecommunications Commission said that several ISPs, including PLDT, Smart Communications, Dito Telecommunity, InfiniVAN, Pipol Broadband and Telecommunications Corp., Philippine Telegraph & Telephone Corp., Apo Associated Radio Electronics & Communications Co., and Kabayan Cable TV Systems, had reported that lisensya.info “has already been blocked and will no longer be accessed by their subscribers.”
  2. As of Nov. 24, 2020, lisensya.info had already been flagged by Google and Firefox. Upon accessing the site through Google Chrome, users can see a security warning saying that Google Safe Browsing recently detected phishing activities on lisensya.info. Users, who choose to proceed accessing the website despite the security warning, will be directed to a YouTube video. The same happens when users use browsers without a security warning. Some users, upon accessing the website, are directed to a statement saying “lisensya.info’s server IP address could not be found.”

The CDO on lisensya.info and the Order extending the same are available on the NPC website, privacy.gov.ph.

As of this morning, the warning is still up if you try to access lisensya.info via Chrome:

Google warns you about lisensya.info

Category: Business SectorExposureNon-U.S.

Post navigation

← Hy-Vee agrees to settle the class action lawsuit over payment card data breach
Cybercriminals are Bypassing Multi-factor Authentication to Access Organisation’s Cloud Services →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • ConnectWise suspects cyberattack affecting some ScreenConnect customers was state-sponsored
  • Possible ransomware attack disrupts Maine and New Hampshire Covenant Health locations
  • HHS OCR Settles HIPAA Security Rule Investigation of BayCare Health System for $800k and Corrective Action Plan
  • UK: Two NHS trusts hit by cyberattack that exploited Ivanti flaw
  • Update: ALN Medical Management’s Data Breach Total Soars to More than 1.8 Million Patients Affected
  • Russian-linked hackers target UK Defense Ministry while posing as journalists
  • Banks Want SEC to Rescind Cyberattack Disclosure Requirements
  • MathWorks, Creator of MATLAB, Confirms Ransomware Attack
  • Russian hospital programmer gets 14 years for leaking soldier data to Ukraine
  • MSCS board renews contract with PowerSchool while suing them

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Home Pregnancy Test Company Wins Dismissal of Pixel Wiretapping Suit
  • The CCPA emerges as a new legal battleground for web tracking litigation
  • U.S. Spy Agencies Are Getting a One-Stop Shop to Buy Your Most Sensitive Personal Data
  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.