Several bank hacking victims claim being doxed by fraudsters

Warren De Guzman, ABS-CBN News

Posted at Dec 16 2021 04:29 PM

MANILA - Ellard Chua had to address dozens of angry callers after his name and contact number were used by cybercriminals as among the recipients of unauthorized withdrawals from BDO accounts. 

Chua shared he also lost P50,000 in the attacks while publicly informing others he had no idea why the criminals chose to use his name in their scheme.

"If they’ve seen my name in their BDO emails saying money was transferred to Ellard Chua, then I am telling them na nothing was transferred to my account," Chua said in an interview.

"Somebody used my name. I am not sure why they chose my name. But the beneficiary account number is not mine and not a single peso went into my account," he said. 

Chua has since been reimbursed his P50,000.

ABS-CBN was able to find 3 individuals who had the same experience during the BDO cyber attacks.

It is unclear how their names and contact details were obtained. But they are adamant they were not victims of phishing or smishing, and they have been extra careful in securing their data.


In a message to ABS-CBN, Deputy Governor for Financial Supervision Chuchi Fonacier of the Bangko Sentral ng Pilipinas said the probe continues, and they are determining whether the criminals stole not just money, but also user data.

Fonacier, who is part of the special task force created to lead the probe said, "that's one of the possibilities the task force is currently looking at.”

The National Privacy Commission earlier said it was also looking at whether a data breach occurred.

NPC Chairman Raymund Liboro told ABS-CBN News that they have already received a communication from BDO’s Data Protection Officers, but they are still studying the information. A formal statement is expected soon.

Under the Data Privacy Act, BDO has 72 hours from the discovery of the cyber attack to report to the NPC whether or not a data breach took place.

BSP Director for Technology Risk and Innovation Supervision Melchor Plabasan, who is also part of the task force said, UnionBank has identified 6 persons of interest.

The BSP is also working closely with the National Bureau of Investigations, Plabasan told Teleradyo.

"Dapat mas maging proactive pa when it comes to security nila. 'Yun po babantayan po natin 'yun. Talagang tinitingnan lahat ng possibility sa loob, kung external threat ba ang may gawa. So 'yung 30 days investigation namin, ita-try po naming tukuyin kung may insider na kasabwat.”

(We need to be more proactive when it comes to security. That's what were monitoring. What we're looking at is the possibility inside, if external threat is the source. In the 30-day investigation, we will try to pinpoint whether or not there are insiders)

BDO’s reimbursement activities have also continued as more victims confirmed they have already received their cash in full. Victims can process documentary requirements at any BDO branch near them.

The country's largest bank in terms of assets earlier said it would shoulder the losses and reimburse nearly 700 clients. 

It has yet to disclose the total amount involved in the cybercrime.


Watch more on iWantTFC