Subscribe to our newsletter!
- The DICT and NPC, conducted their separate investigations after the GCash incident last week.
- For DICT, their own investigation is to check if GCash’s statement that the incident is a result of phishing and not hacking is true.
- While for NPC, their investigation is to check if a potential personal data breach occurred during the incident.
A week after GCash users experienced unauthorized transactions to their funds, the Department of Information and Communication Technology (DICT) and the National Privacy Commission (NPC) have confirmed that they have already started their separate investigations.
For DICT Secretary Ivan John Uy, the recent incident gave the department the green light to investigate, as they were already receiving several complaints on GCash even before it happened.
“Medyo marami at iba-ibang panahon po na nangyari ito,” he shared.
[“We have already received a lot of reports before on different dates.”]
According to Uy, the Cybercrime Investigation and Coordinating Center (CICC) of the DICT will be the one to lead the probe, adding that the department will focus on whether the incident is a breach, a leak, a hack, or phishing.
In an earlier report by BitPinas, GCash explained that the incident was not a product of hacking, as most of the users assumed, but rather a product of phishing.
Phishing is an online attack that steals user data, including login credentials. Most commonly, attackers bait their potential victims by sending them links or files that look like they are from legitimate companies, where victims are required to supply their personal information. such as passwords, account IDs, and more.
However, even though GCash has already explained the scenario, Uy insisted that it still needs to be checked by proper authorities to ascertain if it is true and that it really happened.
“Of course, they’re the company that’s affected so it’s quite self-serving if they’re the ones who will do the explanation. So, I think, an independent group has to look into it and see what really happened,” he highlighted.
Lastly, aside from checking if GCash’s report is true or not, the secretary also stressed that the probe is aiming to offer recommendations and solutions to the fintech firm to avoid similar incidents from happening in the future.
On the other hand, NPC Chief Commissioner John Henry Naga has ordered an in-depth investigation into if there was a potential personal data breach during the incident.
“The NPC is committed to safeguard the privacy of all individuals and will continue to provide guidance on how the public can better protect themselves from violations of their data privacy rights, even as these threat actors are also becoming more sophisticated in the pursuit of their criminal design,” Naga said in a statement.
According to the NPC Chief, the agency’s Complaints and Investigation Division has been monitoring the incident since May 9, 2023, the day when the issue popped up.
A clarificatory meeting was then held last Friday, May 12, between NPC and G-Xchange Inc., the mother company of GCash, to report to them about the firm’s own investigation. The meeting was held after the government agency sent a Notice to Explain to the mother company last Wednesday.
However, a day after, some GCash users still experienced another temporary downtime, which lasted nine hours, of the app.
GCash immediately apologized for the inconvenience but assured users that their funds were safe during the downtime.
“The NPC will diligently exercise its powers under the law against any party found to be in violation of the Data Privacy Act,” Naga concluded.
This article is published on BitPinas: DICT, NPC Conduct Separate Probe on GCash Incident
Disclaimer: BitPinas articles and its external content are not financial advice. The team serves to deliver independent, unbiased news to provide information for Philippine-crypto and beyond.