MANILA – The Cybercrime Investigation and Coordinating Center (CICC) began its investigation into the alleged data breach on mobile payments service GCash.
In a statement on Friday, CICC Executive Director Alexander Ramos said the alleged data breach is being taken seriously, with the CICC already working with GCash to provide more information on the incident.
“GCash has reported that they are working round the clock to check the contents and committed to allow a deeper probe on the alleged leak,” Ramos said.
On Thursday, GCash launched an investigation into the alleged breach of its know-your-customer (KYC) data and found no indications of a data compromise.
“Based on our initial findings, there are no indications of a data breach in our systems and this has no impact on customer funds and their accounts remain safe and secure,” GCash said.
The investigation is in response to a report made by Deep Web Konek on Thursday, an online group of local cyber-enthusiasts, that a data breach occurred in late March to early April 2024 against the Philippine Statistics Authority (PSA) and allegedly carried out by threat actor KryptonZombie.
While the PSA initially denied the data breach, Deep Web Konek alleged that more evidence showed the affected party was the GCash KYC system.
The threat actor was said to have uploaded around 100 gigabytes of compromised data from GCash such as mobile numbers, IDs used for KYC processes, GSave account numbers, signatures, and selfie IDs.