Official Statement on Cashalo’s Data Security Incident

PRESS RELEASE

Singapore/ Manila, 19 February 2021 – On 18 February, 2021, our cybersecurity team discovered a potential data security incident involving a Cashalo-only database archive. An individual claimed to be in possession of a Cashalo customer database taken from a non production system used by the company. This incident resulted in unauthorized access to a database archive that contained some personal data of Cashalo customers, including some combination of usernames, email, phone numbers, device ID, and encrypted passwords. Our encryption implementation ensured that no customer accounts or passwords were compromised.

We have since taken the system offline and activated investigations, working closely with cybersecurity experts and the relevant authorities, including the Philippines’ National Privacy Commission.

Protecting the data and privacy of our users is of utmost importance to us.

Our teams are currently conducting a thorough impact assessment with urgency to determine the nature and extent of data that has been potentially accessed.

We are notifying affected individuals about this incident consistent with our goal of being transparent. Our priority is to work directly with stakeholders to provide support and help them manage any potential risks.

Media Contact:
Karun Arya
VP Group Corporate Affairs, Oriente
karun.arya@oriente.com
+65 8138 1590

FAQs for guidance on action that affected customers can take and other updates.

About Cashalo

Cashalo is a fintech platform that delivers digital credit to Filipinos – helping them elevate their financial well-being. All loans under the Cashalo Platform are financed by Paloo Financing Inc., with SEC Registration No. CSC201800209 and Certificate of Authority No. 1162

Want to help accelerate financial inclusion in the Philippines? We’re hiring – jobs@cashalo.com

Address: 16F World Plaza, BGC, Taguig City, Philippines 1634