G-Xchange Inc. (GXI), operator of mobile e-wallet service provider GCash, reiterated that the unauthorized fund transfer of some account holders last week was due to phishing and not caused by hacking nor glitch, the company said in a statement late Saturday.
Earlier that day, the National Privacy Commission (NPC) released a statement saying it will issue another order instructing GXI to provide further information and documents to enable an independent assessment and verify the claims presented by GXI on the supposed phishing being the cause of the glitch.
The NPC added it is investigating a “potential personal data breach” involving compromised accounts of GCash and “in light of the glitch” that occurred on May 10 that sent the app to a prolonged maintenance.
The two parties met last Friday.
“We reiterate that there was no hacking nor glitch that occurred in the GCash platform. The incident last 8 May 2023, was a deliberate phishing attempt outside of the GCash app.”
GCash said in the statement.
Several GCash users have complained of unauthorized transactions as early as May 8.
GCash explained phishing is a common type of cyber attack where criminals impersonate an organization or individual through a legitimate-looking email or text message containing links to fraudulent websites to trick people into divulging sensitive information or downloading harmful software. A variation of phishing, known as smishing, operates similarly but is limited to mobile phone SMS messages.
While hacking, according to NPC, is the act of compromising digital devices and networks through unauthorized access to an account or computer system.
GCash said some users may have unknowingly shared their information with suspicious sites masked as legitimate brands or institutions.
GCash also said the extended preventive maintenance undertaken last week to mitigate the impact of this incident complies with global cybersecurity standards and is aligned with the regulations of the Bangko Sentral ng Pilipinas. – Myla Iglesias and Irma Isip
