The Philippine National Data Privacy Commission (NPC) received a report that digital lending app Cashalo’s client data have been compromised. While the NPC said it was still investigating the matter, Cashalo sent out an advisory confirming the repot of data breach.
In a statement, Cashalo said its IT (information technology) security team discovered a potential data security incident involving a Cashalo-only database archive.
“An individual claimed to be in possession of a Cashalo customer database taken from a non production system used by the company,” the statement said. “This incident resulted in unauthorized access to a database archive that contained some personal data of Cashalo customers, including some combination of usernames, email, phone numbers, device ID, and encrypted passwords. Our encryption implementation ensured that no customer accounts or passwords were compromised.”
The company said it is has taken the system offline and working closely with cybersecurity experts. Cashalo said it has reported the incident to NPC and notified affected clients.
“Our priority is to work directly with stakeholders to provide support and help them manage any potential risks,” the statement said.
Launched in May 2018, Cashalo positioned itself as a fintech company hoping to respond to the calls of financial inclusion offering simple and hassle-free lending options for individuals and businesses. It offers financing schemes targeting the different needs of Filipinos. Cashalo’s parent company is Oriente, a Hong Kong-based holding firm backed by Gokongwei-led conglomerate JG Summit.