NPC investigates GCash incident for possible data breach


The National Privacy Commission (NPC) is investigating a potential data breach involving compromised GCash accounts. The investigation was launched in light of the issue that occurred on May 10, 2023, which forced the temporary halt of GCash app operations.

The NPC's Complaints and Investigation Division (CID) has been closely monitoring the incident since May 9, 2023, amid circulating reports of suspicious transactions on GCash users' accounts. The CID is looking into the existence of a breach, its extent, and whether there are any other violations of the provisions of the Data Privacy Act of 2012.

On May 10, 2023, the NPC issued a notice to explain and an order addressed to G-Xchange, Inc. (GXI), the company managing GCash, requiring GXI to appear before the Commission for a clarificatory meeting and to provide additional information and documents. The clarificatory meeting was held on May 12, 2023, wherein GXI presented information to the NPC about their investigation and the measures taken with dispatch to address the incident.

The NPC will issue another Order instructing GXI to provide further information and documents to enable an independent assessment and verify the claims presented by GXI on the supposed phishing being the cause of the glitch.

Privacy Commissioner and Chairman Atty. John Henry D. Naga assures the public that the NPC has taken all necessary steps to protect the rights of GCash clients as data subjects.

"The NPC is committed to safeguard the privacy of all individuals and will continue to provide guidance on how the public can better protect themselves from violations of their data privacy rights, even as these threat actors are also becoming more sophisticated in the pursuit of their criminal design," Privacy Commissioner Naga stated. He further emphasized, "The NPC will diligently exercise its powers under the law against any party found to be in violation of the Data Privacy Act."

The NPC is also urging the public to be vigilant and to take the following precautions to protect their personal data:

1. Do not click on links or open attachments from unknown senders.
2. Keep your software up to date.
3. Use strong passwords and change them regularly.
4. Be careful about what information you share online.
5. Be aware of phishing scams.
6. Report any suspicious activity to the NPC.

For more information on data privacy, please visit the NPC website at www.privacy.gov.ph.