GHL Group says it is investigating an alleged data breach involving its e-payment service platform e-pay.

 

The payment solution provider said the allegations are isolated only to the e-pay online-reload and bill payment collection system, or E.V.E, and does not impact other e-pay and GHL businesses and operations.

 

The company said the E.V.E system operates on an independent stand-alone system that does not interfere with the technical operations of other e-pay and GHL merchant acquiring systems and servers.

 

“Investigations are still underway and we will continue to update on the progress and any new findings. In the meantime, we would advise E.V.E users to go to our official website and change their passwords as precautionary measures. 

 

“E.V.E users should NOT click on unverified email links urging them to update their credentials but to do so only on our official website,” GHL said in a statement today.

 

Earlier, it was reported that Malaysian customers’ data on e-pay involving some 380,000 accounts have been sold online.

 

The online listing reportedly was first highlighted by a Twitter user @Bank_Security, who claimed that a threat actor is selling 380,000 customers PII data and credentials related to the online payment system e-pay located in Malaysia.

 

The seller of the data on the online marketplace was said to have the database containing the username, e-mail address, date of birth, contact address and mobile phone number. 

 

The Malaysian Reserve has reached out to CyberSecurity Malaysia for comments.