Fintech platform Cashalo has started its own investigation on alleged data breach of accountholders and is working closely with cybersecurity experts and the relevant authorities, including the National Privacy Commission (NPC) to resolve the issue.
In a statement sent over the weekend, Cashalo said it has since taken the root of the breach offline and has undertaken steps to ensure no customer accounts or passwords were compromised.
“Our teams are currently conducting a thorough impact assessment with urgency to determine the nature and extent of data that has been potentially accessed,” said Karun Arya, vice president Group Corporate Affairs of Cashalo.
Arya said the company is notifying affected individuals about the incident to provide support and help them manage any potential risks.
Cashalo said its information technology security team discovered a potential data security incident involving a Cashalo-only database archive.
It said an individual claimed to be in possession of a Cashalo customer database taken from a non-production system used by the company. This incident resulted in unauthorized access to a database archive that contained some personal data of Cashalo customers, including some combination of usernames, email, phone numbers, device ID and encrypted passwords.
The NPC said in a press conference last February 19 it was investigating information a client data from Cashalo is being reportedly sold on the dark web.