Copyright bworldonline
THE NATIONAL Privacy Commission (NPC) said it has found no data breach in the system of G-Xchange, Inc., the operator of electronic wallet platform GCash, following its investigation into reports of user data being sold online. In a statement on Thursday, the NPC said it found “no sufficient basis to conclude that a personal data breach occurred involving GCash.” “Independent validation by the NPC’s Complaints and Investigation Division (NPC-CID) confirmed that the dataset circulating online was inconsistent with GCash’s verified data structures. Several of the listed accounts were found to be invalid or inactive, and no indicators of unauthorized access, infiltration, or data exfiltration were detected within GCash’s monitored environments,” the NPC said. The NPC launched the probe earlier this week after reports circulated that GCash user data were being sold on the dark web. GCash has since denied the allegations, saying there has been “no breach, leak, or compromise” in its systems. The Department of Information and Communications Technology (DICT), through its Cybercrime Investigation and Coordinating Center (CICC), said its monitoring showed that the alleged data leak “did not originate from the company’s systems.” The NPC said it will continue monitoring reports of threats to personal data and coordinate with relevant entities to ensure compliance with the Data Privacy Act (DPA) of 2012. “The NPC also warns individuals and groups engaging in the unauthorized access, sale, or distribution of personal data that such acts constitute clear violations of the DPA and are punishable under the law,” it said. — Ashley Erika O. Jose
