Official Statement on Cashalo’s Data Security Incident

Published February 20, 2021, 11:13 AM

by Art Samaniego

I got a message from Karun Arya VP Group Corporate Affairs, Oriente informing me that Cashalo has released its official statement on the reported security incident. He further said that Cashalo is now working closely with the National Privacy Commission of the Philippines about the security incident and would release further information once the investigation is concluded. Below is the official statement of Cashalo. — Art

On 18 February 2021, our cybersecurity team discovered a potential data security incident involving a Cashalo-only database archive. An individual claimed to be in possession of a Cashalo customer database taken from a non-production system used by the company. This incident resulted in unauthorized access to a database archive that contained some personal data of Cashalo customers, including some combination of usernames, email, phone numbers, device ID, and encrypted passwords. Our encryption implementation ensured that no customer accounts or passwords were compromised.

We have since taken the system offline and activated investigations, working closely with cybersecurity experts and the relevant authorities, including the Philippines’ National Privacy Commission.

Protecting the data and privacy of our users is of utmost importance to us.

Our teams are currently conducting a thorough impact assessment with urgency to determine the nature and extent of data that has been potentially accessed.

We are notifying affected individuals about this incident consistent with our goal of being transparent. Our priority is to work directly with stakeholders to provide support and help them manage any potential risks.