On 18 February 2021, Cashalo’s IT security team discovered a potential data security incident involving a Cashalo-only database archive. An individual claimed to be in possession of a Cashalo customer database taken from a non production system used by the company. This incident resulted in unauthorized access to a database archive that contained some personal data of Cashalo customers, including some combination of usernames, email, phone numbers, device ID, and encrypted passwords. Our encryption implementation ensured that no customer accounts or passwords were compromised.

We have since taken the system offline and activated investigations, working closely with cybersecurity experts and the relevant authorities, including the Philippines’ National Privacy Commission.

Protecting the data and privacy of our users is of utmost importance to us.

Our teams are currently conducting a thorough impact assessment with urgency to determine the nature and extent of data that has been potentially accessed.

We are notifying affected individuals about this incident consistent with our goal of being transparent. Our priority is to work directly with stakeholders to provide support and help them manage any potential risks.

  • Download the full press release here
  • FAQs for guidance on action that affected customers can take and other updates



Media Contact:
Karun Arya
VP Group Corporate Affairs
E: [email protected]
M: +65 8138 1590