fbpx
Wisdom > G-Force

Why the MPTC data breach is a cause for concern

And why companies should work hard to prevent similar incidents

Protecting personal information is a matter that should be taken very seriously. IMAGE FROM PIXABAY

You may have heard of high-profile cases of data breaches across the globe. But the fallout that comes with such incidents doesn’t really hit home until it’s at our doorstep. That is certainly the situation now with the recent incident that took place at Metro Pacific Tollways Corporation.

The toll operator’s advisory on social media reported that user accounts may have been compromised, but it did not say how many. Reaching out to affected customers, the company further disclosed that account numbers, plate numbers, and contact details may have been exposed due to unauthorized access to some of its systems.

In the interest of making things as simple as possible, I will no longer dive deep into the issue from a technical standpoint. What is important to know is that the unscrupulous parties who participate in these data breaches will take the path of least resistance, usually without setting foot onto their target’s premises. They will gain entry to computer systems using various methods such as introducing malware and exploiting inadequately secured portals.

Data breaches are betrayals of public trust. SCREENSHOT FROM FACEBOOK

While MPTC’s timely announcement about account and license numbers being leaked is commendable, it is reasonable to suspect that more pieces of sensitive information may have been exposed. The company’s database may also contain customer names, phone numbers, addresses, and bank-account numbers.

Out in the open, this information can be used to make fake identities and fraudulent payments. We’ve all heard of compromised bank accounts and credit cards being used to purchase big-ticket items online or at overseas locations. This can also result in the public’s reluctance to use digital payment methodsone of which is DriveHub, MPTC’s own mobile app.

Data breaches can also cause severe financial and reputational damage to companies. For example, a 2013 data breach involving three billion user accounts had Yahoo forking out over $150 million (P8.5 billion) in settlements and fines. Just like how consumers steer clear of carmakers that make unreliable products, the public may have negative opinions about organizations that have failed to safeguard sensitive data. As a software engineer, I certainly would want to avoid any kind of professional association with such.

Multi-factor authentication is an effective tool in preventing unauthorized access. IMAGE FROM MICROSOFT

While data breaches of this scale normally take place in business settings, protecting personal information is also the responsibility of the individual. Look out for dubious web links and e-mail attachments. Use multi-factor authentication if it’s available. If you receive alerts of unauthorized log-in attempts or bank transactions, immediately change your account password or contact your financial institution.

As for MPTC, I am not here to give it any tips and tricks on protecting sensitive data under its care. I expect the toll operator to already know how to do that right from the day it started collecting personal information from its customers.

In fact, I am one with the motoring public in expressing my utmost disappointment over the fact that the data breach even occurred in the first place. I am also a customer, so this incident has obliterated any ounce of trust I have in the company. It’s now just a matter of finding out if my private details are of any use to anyone up to no good.



Miggi Solidum

Professionally speaking, Miggi is a software engineering dude who happens to like cars a lot. And as an automotive enthusiast, he wants a platform from which he can share his motoring thoughts with fellow petrolheads. He pens the column ‘G-Force’.



Comments