Privacy commission probes alleged Cashalo’s data breach


The National Privacy Commission (NPC) is investigating the alleged selling of Cashalo users’ personal data.

In a statement, NPC said: “It has come to NPC’s attention that client data from Cashalo is being reportedly sold on the dark web.”

In a separate statement, Cashalo confirmed the reported breach.

Rest assured that the Commission has already started investigating this matter, Atty. Michael Santos, NPC’s Complaints & Investigation officer in charge said. However, to avoid jeopardizing the investigation process, Santos said that the privacy bureau will refrain from giving further details as of the moment.

Santos added they will continue to validate the veracity of this privacy matter and will timely apprise the public as more details come in.

Cashalo is a fintech platform that delivers digital credit to Filipinos via Android, Huwaei and iOS applications. All loans under the Cashalo Platform are financed by Paloo Financing Inc., with SEC Registration No. CSC201800209 and Certificate of Authority No. 1162.

As stated on its website, Cashalo may collect the following personal data:
full name, permanent and residential address, contact number/s, email address, birth date and/or age, gender, employment information, financial capacity information bank account details, credit card and/or financial account information, financial history and details of government-issued identifications;
private ID’s, social media, e-commerce, transportation, or other online/mobile account details which prove the identity of the user.