The National Privacy Commission (NPC) confirmed on Wednesday that “meticulous phishing attacks” were responsible for the security breach which caused multiple unauthorized transactions on Gcash accounts earlier this month.

In a statement, Privacy Commissioner John Henry Naga said that hackers took advantage of vulnerable Gcash users through the gambling websites namely “Philwin” and “tapwin1.com”.

With this fraudulent scheme, hackers obtained the personal information of GCash users.

NPC Commissioner John Henry Naga said it has directed G-Xchange Inc. (GXI), the operator of GCash, to "intensify its education and awareness campaign to its clients to prevent similar incidents in the future."

“We assure the public that the National Privacy Commission remains resolute in its mandate to safeguard the rights of data subjects and protect personal information. We will employ the full extent of our powers under the law to penalize those who violate the Data Privacy Act of 2012,” he added.

It can be recalled that last May 8, some netizens reported that their GCash accounts have been hacked as their money was allegedly sent to other banks like EastWest Bank and Asia United Bank (AUB) without any notification of one-time password (OTP).

The next day after the incident, NPC ordered its Complaints and Investigation Division (CID) to conduct investigation to determine the extent of the alleged unauthorized transactions, whether it compromised any personal data and other potential violations of the Data Privacy Act 2012.

Written By Ailah Francisco, DZRH News Online Intern