Aside from the BSP and Congress, the National Privacy Commission (NPC) is also conducting its investigation on the GCash hack attempt, where they are investigating a possible data breach involving compromised accounts.
To recall, GCash’s initial findings on the incident, where they foiled a supposed hack attempt that involved Php 37 million, the fraudster made use of phishing links that compromised affected accounts into making multiple transactions to two bank accounts in EastWest Bank and Asia United Bank (AUB). Following the incident, GCash said that it was able to return the missing funds to the e-wallets of affected users.
Despite GCash insisting that the incident was more of a phishing scheme than a hacking incident, the NPC said that it will launch its own inquiry to verify GCash’s claims and determine if a data breach was involved. This is after NPC has a clarificatory meeting with G-Xchange, Inc. (GXI), the company handling GCash, where the latter presented their findings.
“The NPC is committed to safeguard the privacy of all individuals and will continue to provide guidance on how the public can better protect themselves from violations of their data privacy rights, even as these threat actors are also becoming more sophisticated in the pursuit of their criminal design,” NPC Commissioner John Henry Naga said.
