A party-list representative filed on Wednesday, May 10, a resolution in the House of Representatives calling for a congressional inquiry on the reported attempted hacking of e-wallet firm GCash and the “unauthorized” withdrawal and subsequent restoration of funds of account holders.
Bagong Henerasyon party-list representative Bernadette Herrera said a legislative investigation is necessary because the statements issued by GCash following the incident are “inconsistent”.
“I filed House Resolution 963 because I was not satisfied with the announcements, advisories, and statements coming from the financial institutions involved,” Herrera stated.
“Yes, I understand their internal investigations are ongoing, but what they have said so far are not directly responsive to the concerns of the affected GCash accountholders, the banking public, and the general public,” she added.
The legislator said there were too many inconsistencies in the statements issued by GCash. “[A]nd we have not yet heard from the Bangko Sentral ng Pilipinas, nor from the NBI Cybercrime which usually investigates cases like this,” she said.
Herrera noted that GCash initially said there was no hacking in their first public statement. Second, she said the company said the funds of the accountholders were not missing or stolen.
“[B]ut the reports of the accountholders themselves show[ed] the exact amount of unauthorized withdrawals and transfers from their accounts,” she said.
“Then hours later, intrepid reporting by the Philippine Daily Inquirer revealed that there was indeed hacking and up to P37 million in funds were transferred to two bank accounts, one account with EastWest Bank and another account with Asia United Bank,” she said.
Herrera said what GCash did was reversal of transactions after the unauthorized transactions were made. The GCash funds, she said, were already out of the accounts and sent to the EastWest and Asia United accounts.
“GCash says the amounts were restored, but what about the mental anguish and disruption to lives and businesses of the accountholders? Apologies are not enough. There should be commensurate restitution for the harm caused that was no fault of any of the accountholders,” she said.
She added: “What is quite intriguing is that the unauthorized transactions happened while a system maintenance was going on. So, does this mean erroneous commands were entered into the system and it so happened that resulted in the unauthorized electronic cash transfers? Or did the hackers working outside exploited vulnerabilities in the system of GCash?”
The lawmaker said GCash has not yet informed the public how many accounts were actually affected and how much cash was transferred into each of those EastWest and Asia United accounts.