NPC update on Alleged Cashalo Data Breach

NPC update on Alleged Cashalo…

NPC update on Alleged Cashalo Data Breach

Straits Interactive PH | 2021-02-23 16:24

Amid recent reports on the alleged data breach on the cash-loaning application Cashalo, operated by Oriente Express Techsystem Corporation, the National Privacy Commission (NPC) did a preliminary probe on the data security issue. Initial findings show that huge amounts of personal data from Cashalo are being dumped and sold on different cyber forums since February 14, 2021. A certain user named “creepxploit” sells data of 3.3 million users of Cashalo containing their usernames, passwords, e-mail addresses, phone numbers and device identifications on two sites on the dark web. The user even provides sample data for potential buyers. Given the facts, it is suspected that the user successfully downloaded files from Cashalo’s own database, which signifies a potential breach on the application. Creepxploit’s posts remain accessible as of writing. NPC immediately reached out to Cashalo …


Become a DPEX Community member to access
data protection resouces and discussions on pertinent topics now.

Access online / in-person courses and view past training records

Join lively discussions on pertinent data protection topics

Gain access to data protection research and video resources

Receive value-added data protection updates from the region