NPC probes possible data breach after GCash glitch
MANILA, Philippines — The National Privacy Commission (NPC) formally launched an investigation into possible data breach after customers of e-wallet giant GCash suffered unauthorized deductions in their personal accounts on May 8.
The data privacy watchdog said in a statement Friday that it has been closely monitoring the incident to determine if the database of GCash clients has been compromised.
Last Wednesday, NPC sent a Notice to Explain to G-Xchange Inc. (GXI), the company managing GCash, following the reports of unauthorized transactions from user accounts.
A clarificatory meeting was also held on Friday, which allowed GCash to provide information about its investigations and the measures taken to address the incident.
NPC chair John Henry Naga assured the public that the commission is taking the necessary steps to protect the rights of GCash clients.
"The NPC is committed to safeguard the privacy of all individuals and will continue to provide guidance on how the public can better protect themselves from violations of their data privacy rights, even as these threat actors are also becoming more sophisticated in the pursuit of their criminal design," Naga said.
"The NPC will diligently exercise its powers under the law against any party found to be in violation of the Data Privacy Act," he added.
Gilda Maquilan, GCash vice president for public affairs and corporate communications, earlier pointed to "sophisticated phishing, not hacking" behind the incident.
Maquilan said that the stolen funds were traced to various accounts registered with Asia United Bank and East West Bank. The full amount were then reverted to their GCash virtual wallets.
GCash assured its more than 81 million users that the app remains safe to use.
- Latest