BDO claims they are not legally liable for the hacking incident on December 11-12 but would still reimburse its clients to maintain their “good customer relationship.” In the statement, they also clarified that they have not amended any clauses to their terms and conditions.
Compromised Online Bank Accounts
During that weekend, hundreds of BDO clients reported on social media that their bank accounts had been compromised. Funds were being transferred from their BDO accounts to a UnionBank account under certain “Mark Nagoyo” and were used to purchase P5 million in Bitcoin from a cryptocurrency market on December 11.
Reimbursing 700 Clients
The SM Group bank is now in the process of reimbursing the 700 clients who have been affected. But before reimbursing losses, BDO is obligating victims of the hacking incident to sign quit-claim forms. To prevent hacking incidents in the future, BDO added that they are working closely with the Banko Sentral ng Pilipinas (BSP).
BDO not Liable
“Liability clause is a regular compliance in the banking industry. This has been part of the normal compliance for a long time. There was no added clause due to the recent incident,” BDO said on December 21. “BDO made exceptions and shouldered the losses not caused by the clients to maintain good customer relationship even if the bank is not legally liable,” it said about their terms and conditions.
Possible Personal Data Breach
Director Melchor Plabasan of the Risk and Innovation Supervision Department of the BSP stated the central bank is looking into BDO’s terms and conditions or waivers in reimbursing the compromised accounts on Friday, December 17. Plabasan explained that the “quit-claim form is actually a waiver of the right of the customer to pursue further actions against the bank” and that this is a consumer protection issue and a possible public policy issue.
ALSO READ: 5 Ways to Lessen the Risk of Getting Hacked Online