IT Security Incident Notice and Data Security Measures Update to Clients
We are writing to inform you of important data security measures in place, updates regarding a data security incident in 2020, and our continued commitment to ensuring your data privacy. This notification is issued in accordance with a recent resolution from the National Privacy Commission (NPC). It specifically concerns clients and suppliers of Travel People, Ltd., Inc. (TPLI) who transacted with us prior to 26 August 2020. Rest assured that we continue to implement stringent security measures to ensure your safety and the integrity of your personal data.
On the morning of 26 August 2020, our in-house IT Team alerted us to a connectivity issue within the Magsaysay network, which houses TPLI systems. By the afternoon, the IT Team formally notified all relevant parties of the ongoing issue. The following day, it was determined that the Travel Management System was specifically affected. This system contains client and supplier information, including names, contact details (email address and/or telephone number), and booking information. In a forensic analysis, it was later determined that a ransomware had encrypted the files in the Travel Management System which made them inaccessible without a decryption key.
Upon identifying the ransomware issue, our IT team promptly implemented the following measures:
· All servers were shut down to contain the ransomware and to enable thorough checks on each server.
· An incident advisory was issued to all users and management on August 26, 2020, instructing all units to activate their Business Continuity Plans and workarounds during the downtime.
· Security patches were applied to non-affected servers to prevent further spread.
· Cybersecurity experts were engaged to assist in the containment, cleanup, and possible decryption of affected files.
We notified the NPC of the incident and sought guidance on notifying data subjects. In the meantime, our IT team focused on system restoration and engaged cybersecurity experts to conduct a forensic analysis.
On 8 September 2020, at 3:48 a.m., the system was fully restored. To prevent the recurrence of the incident, our IT Team engaged experts to conduct a vulnerability assessment and penetration test on all systems in order to identify our risks of further exposure to cyberattacks and other security incidents and determine possible measures to mitigate or avoid them. Our IT Team also deployed advanced endpoint detection and response tools to all workstations and servers.
The Forensic Report confirmed that no data was taken during the incident as the ransomware only encrypted the files, blocking any access to it. Additionally, there were no outbound connections observed, indicating no control by the attacker.
On July 03, 2024, we received a Resolution from the NPC mandating the notification of data subjects of this security incident.
At TPLI, we remain committed to maintaining the highest standards of data security and will continue to invest in robust security measures to prevent future incidents. We apologize for any inconvenience this incident may have caused. For any questions or concerns, please contact your respective account managers, or email us at maui.cabbuag@travelpeople.com.ph.
Thank you for your understanding.