Security Incident Notification

This notification is issued in accordance with a recent resolution from the National Privacy Commission (NPC) regarding an incident that occurred in 2020. It is intended only for clients and suppliers of TravelServices Inc. (TSI) who transacted with us prior to 26 August 2020. Rest assured that we continue to implement stringent security measures to ensure your safety and the integrity of your personal data.

On the morning of 26 August 2020, our in-house IT Team alerted us to a connectivity issue within the Magsaysay network, which houses TSI systems. By the afternoon, the IT Team formally notified all relevant parties of the ongoing issue. The following day, it was determined that the Travel Management System was specifically affected. This system contains client and supplier information, including names, contact details, and booking information. In a forensic analysis, it was later determined that ransomware had encrypted the files in the Travel Management System which made them inaccessible without a decryption key.

Upon identifying the ransomware issue, our IT team promptly implemented the following measures:

  • All servers were shut down to contain the virus and to enable thorough checks on each server.
  • An incident advisory was issued to all users and management on August 26, 2020, instructing all units to activate their Business Continuity Plans and workarounds during the downtime.
  • Security patches were applied to non-affected servers to prevent further spread.
  • Cybersecurity experts were engaged to assist in the containment, cleanup, and possible decryption of affected files.


We notified the NPC of the incident and sought guidance on notifying data subjects. In the meantime, our IT team focused on system restoration and engaged cybersecurity experts to conduct a forensic analysis.

On 8 September 2020, at 3:48 a.m., the system was fully restored. To prevent the recurrence of the incident, our IT Team engaged experts to conduct a vulnerability assessment and penetration test on all systems in order to identify our risks of further exposure to cyberattacks and other security incidents and determine possible measures to mitigate or avoid them. Our IT Team also deployed advanced endpoint detection and response tools to all workstations and servers.

The Forensic Report confirmed that no data was taken during the incident as the ransomware only encrypted the files, blocking any access to it. Additionally, there were no outbound connections observed, indicating no control by the attacker.

On 13 May 2024, we received a Resolution from the NPC mandating the notification of data subjects of this security incident.

At TSI, we remain committed to maintaining the highest standards of data security and will continue to invest in robust security measures to prevent future incidents. We apologize for any inconvenience this incident may have caused. For any questions or concerns, please contact your respective account managers, or email us at dataprivacy@ph.fcm.travel.

Thank you for your understanding.

TravelServices Inc. (TSI)