Privacy body says names in spam, scam texts unlikely from data breach

Full names are now appearing on text spams raising concern among Filipinos. According to a National Privacy Commission official, names may have been manually or automatically scraped from certain apps.
Philstar.com/EC Toledo

MANILA, Philippines — The National Privacy Commission said Thursday that a data breach is unlikely to be the source of names in spam and scam texts plaguing mobile users, as it reiterated that these may have been obtained through scraping or harvesting names from payment and messaging apps.

“Based on our investigation po, there’s no leak or breach,” NPC deputy privacy commissioner Leandro Aguirre said during the Senate hearing on the proliferation of spam and scam texts, adding that they are not completely ruling out this possibility.

Aguirre added that the names of mobile users that appear in spam and scam texts “seems to be a result of scraping or harvesting from payment applications, messaging applications.”

Mark Anthony Amurao, advocacy lawyer of fintech platform GCash that had been speculated to be the source of names in those messages, also said that their systems have not been compromised.

“There was actually no breach of our systems. The infrastructure and the systems of GCash remain intact and it wasn’t compromised which may lead to or result in a data breach,” Amurao said.

Aguirre explained that scraping or harvesting is different from a breach. Still, he said, payment and messaging apps may be held liable for not acting on this.

“On the part of these payment applications and these messaging applications that have these unusual activities … that should have been flagged,” he said partly in Filipino.

Meanwhile, GCash has anonymized the names of users in the send money feature, which previously showed the first names and the initial of the surnames of its users.

“We need to strike a balance between customer experience and strengthening measures to keep user information safe from unscrupulous individuals,” GCash chief information security officer Mark Frogoso said in a statement.

Frogoso added, “The feature that shows the full names of recipients was intended to help users verify if they are sending to the right person and avoid being scammed.”

While there are clues as to how names of mobile users have been obtained, there are still no answers as to who is behind the scam and spam texts.

Pressed by Sen. Nancy Binay as to when the results of the investigation may be out, Aguirre was noncommittal.

Show comments