The Metro Pacific Tollways Corporation (MPTC), a major toll road developer in the Philippines, experienced a significant data breach on September 7, 2024. The attack, carried out by the DeathNote Hackers, compromised 978,848 records, including customer and transactional data, Easytrip card details, and internal documents. The hackers claimed responsibility on social media and shared the leaked data via Telegram, raising widespread concerns over the scale of the breach.
Among the exposed records are over 247,000 Easytrip card numbers, reloading and transaction logs, and adjustments to toll accounts. Sensitive internal documents, such as MPTC’s employee contact directory and system logs, were also leaked, potentially revealing vulnerabilities in MPTC’s systems. Screenshots from internal platforms indicated unauthorized access by a “Superadmin” user, further emphasizing the depth of the infiltration.
The breach poses severe risks for both customers and MPTC. Exposed Easytrip card details could lead to financial fraud, unauthorized charges, and theft. Additionally, the disclosure of personal contact information raises the likelihood of phishing attacks and social engineering schemes targeting employees and customers. MPTC’s reputation has suffered a major blow, with public trust in its toll services now at stake.
MPTC also faces potential regulatory action due to the breach’s scale and severity. Philippine data protection authorities may investigate the company for lapses in cybersecurity measures. Moving forward, MPTC will need to strengthen its systems to prevent similar incidents while addressing the concerns of affected customers and employees.
Reference:
