Cashalo reports data security incident though no accounts compromised
Online lending platform Cashalo over the weekend reported a potential data security breach, but assured customers that no accounts or passwords were compromised during the incident and it is now in close coordination with Philippine authorities.
Cashalo said its information technology (IT) security team found the potential data security incident involving a database archive on Thursday, February 18, when an individual claimed to have the said database which was taken from a non-production system used by the company.
"This incident resulted in unauthorized access to a database archive that contained some personal data of Cashalo customers, including some combination of usernames, email, phone numbers, device ID, and encrypted passwords. Our encryption implementation ensured that no customer accounts or passwords were compromised," it said.
The financial technology firm said it has since taken the system offline and activated investigations, on top of coordination efforts with cybersecurity experts and relevant authorities such as the National Privacy Commission (NPC).
"Our teams are currently conducting a thorough impact assessment with urgency to determine the nature and extent of data that has been potentially accessed," it said.
Cashalo offers credit to Filipinos 21 years of age who are employed or with a steady income with repayment terms based on the preference of the customer.
The Bangko Sentral ng Pilipinas (BSP) last year said there were adequate policies in place to address operational risks, as cybersecurity is a collective responsibility.
The central bank in 2017 issued enhanced guidelines on IT risk management for all supervised institutions, following the Bangladesh Bank heist. — DVM, GMA News