NPC launches in-depth investigation regarding GCash ‘potential data breach’
On Tuesday, May 9, a “potential data breach” may have been caused by unauthorized deductions made to multiple GCash accounts, prompting the e-wallet app to go offline. The National Privacy Commission (NPC) is conducting an “in-depth” investigation.
According to a statement on Saturday, May 13, the NPC’s complaints and investigation division began closely monitoring the situation since Tuesday’s incident. This aims “to determine the existence of breach and its extent, and whether there are any other violation[s] of the provisions of the Data Privacy Act of 2012.”
After the app went back online that same afternoon, GCash assured customers that their money was not lost and that any deductions would be reversed by 3 pm.
In a notice to explain dated Wednesday, May 10, the NPC sent an email to G-Exchange, Incorporated (GXI), which manages GCash. Furthermore, the NPC requested that GXI appear before it for a clarificatory meeting and provide more information and documents.
A GXI representative presented information about the investigation it conducted and the actions it took to address the issue during the May 12 meeting, the NPC reported.
Based on initial investigations, GCash vice president for corporate communications Gilda Maquilan said a fraudster using phishing techniques was behind the unauthorized transactions.
The GCash CEO added that “definitely no hacking” had taken place. GCash is continuing to upgrade its security mechanisms, including rolling out facial recognition technology recently.
Even with GXI’s explanation, the NPC is now preparing to issue a second order for GXI to submit more information, which will be verified through an “independent assessment” to verify GXI’s claim that phishing was to blame.
Privacy Commissioner John Henry Naga said, “The NPC is committed to safeguard the privacy of all individuals and will continue to provide guidance on how the public can better protect themselves from violations of their data privacy rights, even as these threat actors are also becoming more sophisticated in the pursuit of their criminal design.”
Naga assured the public that the NPC was taking all necessary steps to protect GCash clients’ data privacy.
Raphael is a person born between the generations of Millenial and Gen Z. He was produced by Cavite State University (Main Campus) with a bachelor's degree in Political Science. The lad has a fresh take on things, but can still stay true to his roots. He writes anything in Pop Culture as long as it suits his taste (if it doesn't, it's for work). He loves to wander around the cosmos and comes back with a story to publish.