data privacy

NPC probes ‘potential data breach’ in unauthorized GCash fund transfers

Michelle Abad

This is AI generated summarization, which may have errors. For context, always refer to the full article.

NPC probes ‘potential data breach’ in unauthorized GCash fund transfers
The National Privacy Commission is set to make an 'independent assessment' to verify G-Xchange's claims that phishing was the cause of unauthorized deductions from multiple GCash accounts

MANILA, Philippines – The National Privacy Commission (NPC) has launched an “in-depth” investigation into the “potential personal data breach” that may have occurred when multiple GCash accounts had unauthorized deductions that prompted the e-wallet app to go offline on Tuesday, May 9.

In a statement on Saturday, May 13, the NPC said that its complaints and investigation division began closely monitoring the matter since the incident happened on Tuesday “to determine the existence of breach and its extent, and whether there are any other violation[s] of the provisions of the Data Privacy Act of 2012.”

On Tuesday, May 9, some GCash users reported unauthorized transactions in their accounts that reduced their balance. GCash conducted a “preventive maintenance” sometime around Tuesday morning to investigate the complaints.

Within the day, the app went back online, and GCash assured customers that their money was not lost, and that any deductions would be adjusted by 3 pm that day.

On Wednesday, May 10, the NPC issued a notice to explain addressed to G-Xchange, Incorporated (GXI), the company that manages GCash. It also sent an order requiring GXI to appear before the NPC for a clarificatory meeting, and to present more information and documents about the incident.

This meeting was held on Friday, May 12, the NPC said. GXI had presented information about the investigation they undertook and the actions taken to address the incident.

Gilda Maquilan, GCash vice president for corporate communications, said on Wednesday that a fraudster using phishing techniques was behind the unauthorized transactions, based on initial investigations.

Maquilan added that there was “definitely no hacking.” She said GCash continues to upgrade its security mechanisms, such as through the recent rollout of a facial recognition security feature.

Despite the explanation, the NPC is set to issue another order for GXI to provide more information and documents, which would then be checked through an “independent assessment” to verify GXI’s claims that phishing was the cause of the unauthorized transations.

“The NPC is committed to safeguard the privacy of all individuals and will continue to provide guidance on how the public can better protect themselves from violations of their data privacy rights, even as these threat actors are also becoming more sophisticated in the pursuit of their criminal design,” said Privacy Commissioner John Henry Naga.

Naga assured the public that the NPC was making all necessary steps to protect GCash clients’ data privacy rights.

EXPLAINER: What is digital fraud and how do you protect yourself from scams?

EXPLAINER: What is digital fraud and how do you protect yourself from scams?

House Deputy Minority Leader Bernadette Herrera earlier called for a congressional inquiry into the irregular fund transfers.

Herrera said officers of GCash, GXI, Mynt, Globe Telecom, Ayala Corporation, and Ant Financial should explain the incident that alarmed GCash users.

GCash has a consumer base of 81 million. –

Add a comment

Sort by

There are no comments yet. Add your comment to start the conversation.

Summarize this article with AI
Download the Rappler App!
Clothing, Apparel, Person


Michelle Abad

Michelle Abad is a multimedia reporter at Rappler. She covers overseas Filipinos, the rights of women and children, and local governments.