Cybercrime center clears GCash of data breach claims
By Aubrey Rose A. Inosante
THE CYBERCRIME Investigation and Coordinating Center (CICC) on Thursday said the alleged compromised know-your-customer data files, reportedly linked to GCash, were found not to conform with the e-wallet’s naming protocols.
“These files are not part of their naming protocols,” CICC Undersecretary Alexander K. Ramos told BusinessWorld, addressing claims made by the cyber advocacy group Deep Web Konek.
“The only thing that’s theirs is GSave, which allows the user to choose a bank or a depository that is maintained by the banks,” he added.
Deep Web Konek said the breach involved over 35,000 items and 30 gigabytes of data, purportedly including payslips, employee compensation certifications, GSave account terms, and debit cards.
“Normally, the files… these are the parts of the assessment and investigation. That’s where you’ll see the origin of the file. The time and dates, when it was created, when it was last accessed, who authored it,” he said.
“But apparently, there’s none. We have nowhere to start with,” he added.
Mr. Ramos noted efforts to reach out to the group for clarifications.
“There’s really no story here but one nice thing is that (GCash) is responding. Unlike the other year, 2020, when they were here. Now, they respond quickly,” he said.
In a statement on June 27, GCash said: “Based on our initial findings, there are no indications of a data breach in our systems and this has no impact on customer funds and their accounts remain safe and secure.”
FINANCIAL SECTOR
Stakeholders in the financial sector should seek collaboration with various industries to deter rising cyberattacks and earn digital trust, according industry executives.
“It’s challenging but we need to work together. Either with the help of the telecommunications companies, [and] the regulatory body,” Union Bank of the Philippines Chief Information Officer (CIO) Dennis Omila said at KPMG’s Innovation Summit 2024 on Thursday.
He added that competition should be set aside to collaborate with other players, as users conduct transactions across different platforms.
Similarly, RCBC CIO Carlos Tengkiat emphasized a unique collaboration among all industries to develop interoperable technologies that adhere to standards.
“If you create something that is proprietary, it’s not a sustainable approach,” he said, highlighting that the sector’s technologies include legacy systems alongside new hybrid cloud systems.
Bangko Sentral ng Pilipinas (BSP) Managing Director and CIO Eugene Teves cited guidelines on information technology risk management for banks, including Circulars 1048 and 1169, which focus on customer protection.
“As we try to move to a more digital mode of banking, we also see a lot of complaints and concerns that have arisen and, in this case, the BSP takes them seriously,” Mr. Teves said.