MANILA, Philippines — Fintech platform Cashalo, a joint venture of Gokongwei-owned JG Summit Holdings via Express Holdings Inc. and Oriente assured clients that their accounts and passwords have not been compromised after a data breach two years ago.
Cashalo said its information technology (IT) security team discovered on Friday a potential data security incident involving its database archive.
This resulted in unauthorized access to a database that contained some personal data of Cashalo customers.
“Our encryption implementation ensured that no customer accounts or passwords were compromised. We apologize sincerely and unreservedly for this unfortunate incident and those impacted,” it said.
Cashalo said it took immediate actions to safeguard the data of its users and reported the incident to the National Privacy Commission (NPC).
“We value the trust you have given us to safeguard your personal information. Protecting your privacy and data is of utmost importance to us. Providing you with a safe, and secure experience at all times is a commitment we take very seriously,” Cashalo told its clients.
Apart from reviewing and fortifying its security infrastructure, Cashalo said it is working very closely with the relevant authorities on this incident and remain committed to providing all necessary support to users.
It advised users affected by the incident to follow the next steps to be taken.
“Once again, we are truly sorry for any inconvenience and concern this may have caused. We assure you, our Cashalo community, that we are working together with the authorities and our partners to complete a thorough investigation and enhance our security policies and safety measures,” Cashalo said.
Last Feb. 14, cybersecurity consultant Cyble reported about three billion credentials were leaked in the darkweb, a repository compiled through the previous data leaks and breaches.
The list reported in the website cybleinc.com included 3.3 million users of Cashalo.com including full names, emails, bcrypt hashes and phone numbers.
Cyble is a global cybersecurity consultant, specializing in providing intelligence on threats at the earliest stages of cyber threats. It provides organizations with real-time visibility to vulnerabilities in their digital footprint and combats cyber threats effectively.