Guide to File an Illegal Dismissal Complaint as a Regular Employee

This article is written for informational purposes only and does not constitute legal advice. Where you face an actual hacking incident, consult a Philippine lawyer or law-enforcement officer experienced in cybercrime.


I. Overview

“Facebook Messenger hacking” generally refers to the unauthorised takeover or access of a Messenger account, resulting in the hacker’s ability to read, send, or delete messages; impersonate the user; or harvest personal data. In Philippine law this conduct squarely falls under “illegal access” (popularly called hacking) governed by Republic Act (RA) 10175 – the Cybercrime Prevention Act of 2012. Depending on what the attacker does once inside the account, other criminal, civil, and administrative liabilities can accumulate.


II. Criminal Remedies

Offence Governing law Elements Penalty*
Illegal Access (“Hacking”) RA 10175, § 4(a)(1) (1) Access to a computer system without right; (2) Access is intentional Prisión mayor (6 yrs. 1 day – 12 yrs.) and/or ₱200,000–₱500,000 fine; plus one degree higher if done against critical infrastructure (Messenger’s servers are generally not critical infrastructure)
Computer-related Identity Theft RA 10175, § 4(b)(3) (1) Unauthorised or fraudulent use of another’s identifying information (e.g., posing as the victim to contacts); (2) With intent to gain or cause damage Same penalty as illegal access
Computer-related Fraud RA 10175, § 4(b)(2) (1) Input/alteration/deletion of data; (2) Causing computer data to be inauthentic, with intent to defraud 6 yrs. 1 day – 12 yrs. & fine at least equivalent to the damage but not less than ₱200,000
Violation of Data Privacy RA 10173 (Data Privacy Act), § 25(a) (1) Malicious or unauthorised processing of personal information; (2) Damage to data subject 1–3 yrs. & ₱500,000–₱2 M (higher if sensitive data)
Access Device Fraud / Carding (if hacker steals stored payment info) RA 8484 Unauthorised access or use of a device/account 6 yrs. 1 day – 10 yrs. & fine twice the amount defrauded

*Penalties are reclusion temporal if any qualifying circumstance applies (e.g., if offence is committed by a syndicate of three or more; or if the offended party is a child, triggering R.A. 9775/10906).

A. How to File a Criminal Complaint

  1. Preserve evidence immediately

    • Take screenshots (whole screen, showing URL and date/time).
    • Save chat logs in .zip via Facebook “Download Your Information”.
    • Keep SMS/email alerts from Facebook showing login attempts.
  2. Secure a Notarised Affidavit of Complaint – describe the incident chronologically, attach printed screenshots, and list witnesses.

  3. File with any of:

    • NBI Cybercrime Division (Taft Ave., Manila or regional units)
    • PNP Anti-Cybercrime Group (ACG) (Camp Crame & regional ACGs)
    • Where provincial, the provincial prosecutor’s office may receive the complaint directly.
  4. Prosecution & trial – the prosecutor files an Information in the appropriate Regional Trial Court (designated Cybercrime court). Venue lies where any element was committed (often where the victim resides or where data was accessed). RA 10175 § 21 also grants extraterritorial jurisdiction if the hacking affects a Filipino or happens on Philippine soil.


III. Civil Remedies

Even if criminal charges prosper, the victim may claim damages independently (Civil Code Art. 33, Art. 2176):

  • Actual damages – cost of lost business opportunities, data recovery, identity-theft expenses, etc.
  • Moral damages – anxiety, social humiliation, disturbance of private life (Art. 2219).
  • Exemplary damages – to deter public wrong (Art. 2232).
  • Attorney’s fees – when the act is “grossly oppressive” (Art. 2208[11]).

A civil action may be:

  • a) Reserved in the criminal case (to be litigated after conviction); or
  • b) Filed separately under Rule 2 of the Rules of Court.

Special Civil Actions

Remedy Legal basis Purpose
Writ of Habeas Data A.M. 08-1-16-SC Compel deletion, correction, or destruction of unlawfully obtained personal data; useful where nude images or sensitive communications were copied.
Writ of Preliminary Injunction / TRO Rule 58, Rules of Court Direct Facebook Philippines (if impleaded) to preserve logs, disable the compromised account, or restore access.
Action for Violation of Privacy of Communication Civil Code Art. 26 & Art. 32(1) Suits for damages against the hacker (and possibly Facebook if negligence in security is shown).

IV. Administrative & Regulatory Remedies

  1. National Privacy Commission (NPC) Complaint

    • If personal information was processed without consent, file a “Complaint-Affidavit” under NPC Circular 16-04.
    • Remedies: Cease-and-desist orders, compliance directions to Facebook, and fines up to ₱5 million per violation.
  2. Data Breach Notification

    • Under NPC Circular 16-03, Facebook (as personal-information controller) must notify both NPC and affected users within 72 hours of breach discovery if risk of serious harm exists.
    • Users may compel the NPC to investigate non-disclosure.
  3. Facebook Platform Remedies

    • Account Recovery: facebook.com/hacked → identity verification, password reset.
    • Reporting compromised messages or impersonation. While contractual, a platform-level fix often serves as quickest containment.

V. Evidence & Litigation Strategy

A. Digital Evidence Rules

  • Rules on Electronic Evidence (A.M. No. 01-7-01-SC) – screenshots, logs, and chat archives are admissible if authenticated by testimony of a person with personal knowledge (Rule 5, § 2) or by hash value integrity.
  • Chain of custody – law-enforcement officers must preserve original data; alteration spoils evidence.

B. Mutual Legal Assistance & Subpoena to Facebook

  • MLAT between the Philippines and U.S. enables prosecutors to obtain server-level logs from Meta Platforms, Inc. Local subpoena duces tecum may suffice for basic subscriber information through Meta’s Philippine counsel.

C. Prescription

  • Cybercrime offences prescribe in 12 years (RA 10951 amending Art. 90 RPC); civil actions generally prescribe in 4 years from discovery (Art. 1146 Civil Code).

VI. Common Defences & Evidentiary Hurdles

Defence Typical Argument Countermeasure
“Victim consented / gave password.” Lack of intent & unauthorised element Show forced reset, deceit, or revoked consent; reliance on two-factor audit trail.
“Spoofed IP / mis-identification of hacker.” Question of identity Use MLAT/subpoena for login metadata; correlate with SIM registration, CCTV, or workplace records.
“Evidence is unauthenticated screenshot.” Hearsay Present affidavit of the person who captured screenshots, use Facebook “Download Your Information” archive, or expert testimony on hashes.

VII. Practical Steps for Victims (Checklist)

  1. Secure your own devices: malware scan, reset passwords, enable two-factor authentication (2FA).
  2. Recover account via Facebook: go to Settings → Security & Login → Where You’re Logged In → Log Out of All Sessions then change password.
  3. Preserve evidence before cleaning messages or deleting chats.
  4. Notify contacts that any suspicious message is not yours; this limits downstream fraud.
  5. Report to law enforcement with printed evidence & affidavits.
  6. Consider filing an NPC complaint if sensitive personal data leaked.
  7. Consult counsel about civil damages or habeas data petition.

VIII. Recent Jurisprudence & Notable Cases

Case G.R. No. Key Take-away
Disini v. Secretary of Justice (Feb 18 / Apr 22 2014) 203335 etc. Upheld constitutionality of RA 10175, confirmed illegal access & identity theft provisions are valid.
People v. Estacio (CA-G.R. CR No. 40315, 2020) Conviction for Facebook account “takeover”; screenshot chats admitted under Rules on Electronic Evidence.
People v. Ronquillo (CA-G.R. CR No. 40444, 2021) Identity theft for pretending to be the victim on Messenger; moral damages awarded.
NPC Case No. 18-096 (Facebook-Cambridge Analytica breach) NPC found Facebook failed to implement appropriate security measures; imposed ₱1 billion fine (pending appeal).

(Court of Appeals decisions are persuasive; always confirm latest status.)


IX. Conclusion

The Philippines offers layered remedies—criminal prosecution, civil damages, special writs, and data-privacy enforcement—to respond to Facebook Messenger hacking. Success, however, hinges on quick evidence preservation, prompt reporting, and strategic choice of forums. Victims should act within weeks, not months, to maximise the chances of identifying the perpetrator and securing both justice and compensation.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.