No breach in GCash despite unauthorized transactions, says privacy watchdog

MANILA - The recent unauthorized transactions in some GCash accounts were likely due to phishing and not because of a security breach, National Privacy Commission Complaints and Investigation Division Chief Atty. Michael Santos said on Friday.

Several GCash users earlier reported unauthorized withdrawals amounting to millions of pesos cumulatively. 

Based on the NPC's findings released on Thursday, there was no breach in GCash.

"As far as data privacy is concerned in determining kung na-breach nga ba sila o hindi, sa ating pagsisiyasat, hindi sila na-breach (based on our investigations, there was no breach)," Santos in an interview with TeleRadyo.

He said the incidents appeared to originate from a modus where those in the gambling site were made to believe they were reloading credits when in fact they were adding another device.

GCash immediately adjusted the affected accounts. It said no funds were lost due to the incident.

• GCash attack was 'meticulous phishing': Privacy watchdog
• GCash says 'no funds lost' despite system glitch
• GCash says all affected e-wallets 'adjusted' as of 4 p.m.

"Akala nila, nag-enter sila ng OTP para mag-load. Yun pala, para mag-add device (they thought they're loading but they're actually adding another device)," Santos said.

He said GCash was ordered to amplify security measures to prevent other incidents in the future. However, GCash may have to answer to other regulating bodies, he added.

"Whether or not may iba silang pananagutan sa ibang regulator, sa ibang batas, hindi na natin saklaw 'yun," said Santos.