The National Privacy Commission on Saturday said it is looking into a “potential personal data breach” among accounts of Globe-backed fintech giant GCash that encountered unauthorized money transfers on May 9.
“The NPC’s Complaints and Investigation Division (CID) has been closely monitoring this incident since May 9, 2023 amidst circulating reports of GCash users on suspicious transactions on their GCash accounts, to determine the existence of breach and its extent, and whether there are any other violation of the provisions of the Data Privacy Act of 2012,” the NPC said.
The mobile wallet, however, denied that a hacking occurred.
The NPC said it ordered G-Xchange, Inc., the operator of GCash, to appear before the commission for a clarificatory meeting and to provide additional information and documents on May 12.
“The NPC will issue another order instructing GXI to provide further information and documents to enable an independent assessment and verify the claims presented by GXI on the supposed phishing being the cause of the glitch,” the Privacy body said.
The Department of Information and Communication Technology as well as the Bangko Sentral ng Pilipinas earlier said they were conducting their own investigation into the incident.
In an earlier interview with ANC, GCash Public Affairs andCommunication Head Gilda Maquila said the affected customers “unknowingly accessed a phishing link.”
GCash is registered as a non-bank financial institution electronic money issuer (EMI-NBMF). It is a wholly-owned subsidiary of Mynt (Globe Fintech Innovations Inc.), which is in turn a partnership between Globe Telecom Inc., the Ayala Corp., and Ant Financial.
Funds from GCash accounts were said to have been transferred to accounts under Asia United Bank (AUB) and East West Banking Corp., with both banks now conducting their own probe into the matter.
Credit belongs to : www.manilastandard.net