Philippines: Concluded NPC investigation regarding a potential breach of personal data involving compromised accounts on the mobile application GCash

Concluded NPC investigation regarding a potential breach of personal data involving compromised accounts on the mobile application GCash

On 24 May 2023, the National Privacy Commission (NPC) concluded its investigation of a potential breach of personal data involving compromised accounts on the GCash mobile application. The NPC determined that the unauthorized GCash transactions stemmed from phishing attacks, particularly through gambling sites. GCash's operator, GXI, complied with NPC orders to enhance user education and security measures. The NPC affirmed its commitment to penalizing violations of the Data Privacy Act and promoting digital safety.

Original source

Scope

Policy Area

Data governance

Policy Instrument

Data protection regulation

Regulated Economic Activity

digital payment provider (incl. cryptocurrencies)

Implementation Level

national

Government Branch

executive

Government Body

data protection authority

Complete timeline of this policy change

Hide details

2023-05-12

under deliberation

On 12 May 2023, the National Privacy Commission (NPC) announced an investigation of a potential bre…

2023-05-24

in force

On 24 May 2023, the National Privacy Commission (NPC) concluded its investigation of a potential br…

Description

Concluded NPC investigation regarding a potential breach of personal data involving compromised accounts on the mobile application GCash

Scope

Complete timeline of this policy change