Metro Pacific Tollways Corporation reports data breach of Easytrip platform

Metro Pacific Tollways Corporation (MPTC) has reported a data breach that may have compromised user accounts on its Easytrip toll payment platform. MPTC is the tollways unit of Metro Pacific Investments Corporation, which is part of First Pacific Company Limited, a Hong Kong-based conglomerate. Easytrip is a major toll collection system in the Philippines, serving millions of motorists.

The breach occurred on the night of September 7, 2024, and the company is currently investigating the extent of the breach.

Easytrip is used for electronic toll collection on MPTC-managed expressways, including the North Luzon Expressway (NLEX), Subic-Clark-Tarlac Expressway (SCTEX), Manila-Cavite Expressway (CAVITEX), and Cavite-Laguna Expressway (CALAX).

MPTC stated that some user accounts may have been accessed and potentially compromised. A cybersecurity watchdog group, Deep Web Konek, claimed that nearly one million Easytrip records were allegedly compromised, including an inventory of 247,324 card numbers (both used and unused) and an internal telephone directory with 3,000 entries.

The nature of the attack and details about breached data are not disclosed.

MPTC has assured affected Easytrip account holders that their toll wallet balances are secure. The company’s cybersecurity team has contained the affected system and is investigating the incident further. MPTC also plans to reach out to affected users individually.