The National Privacy Commission (NPC) is investigating GCash for a possible data privacy breach following the spate of unauthorized transactions which affected several users on May 8.
The regulator met with GCash executives in a video conference on Friday (May 12) and ordered the Ayala-owned e-wallet app to provide more information and supporting documents for the NPC’s probe.
“The NPC’s Complaints and Investigation Division (CID) has been closely monitoring this incident since May 9, 2023 amidst circulating reports of GCash users on suspicious transactions on their GCash accounts, to determine the existence of breach and its extent, and whether there are any other violation of the provisions of the Data Privacy Act of 2012,” the regulator said in a statement on Saturday (May 13).
Several users complained about small but frequent unauthorized deductions to their accounts, with the funds transferred to accounts in EastWest Bank and Asia United Bank (AUB).
The complaints prompted GCash to conduct “preventive maintenance” on Tuesday (May 9), which resulted in the app becoming unusable for a few hours. The funds lost by affected users were returned to their accounts later that day.
GCash reported that users who fell victim to the scam likely handed off login details to scammers through a phishing website, which copies the GCash app interface. Users who clicked the link keyed in their personal login information thinking they were accessing the Ayala-owned app, but it turned out to be a way for fraudsters to have access to their e-wallets.
In a statement, GCash said its platform was neither hacked nor affected by a certain glitch.
“The incident last 8 May 2023, was a deliberate phishing attempt that happened outside of the
GCash app. Some users may have unknowingly shared their information to suspicious sites
masked as legitimate brands or institutions. Upon detection of these unusual transactions,
GCash immediately activated security protocols, and deployed its preventive security measures,” the company said.
GCash said it is working with the Philippine National Police Anti-Cybercrime Group (PNP-ACG), the Cybercrime Investigation and Coordinating Center (CICC) and the National Bureau of Investigation (NBI) to catch scammers and fraudsters. It also urged NPC to continue educating the public on the importance of securing their personal information.
“The safety and security of all our customers remain our topmost priority. We will not stop
working with the authorities as we endeavor to eliminate fraudsters as our common enemy,” the e-wallet said.