GHL Group, the company that manages E-Pay has issued an official statement on the data breach allegation. According to the company, they are currently investigating the serious allegation and they are checking into their system.
The statement also mentions that the alleged issue is isolated to the E-pay online reload and bill payment collection system (E.VE) and it does not affect other E-pay and GHL businesses and operations. It clarified that the E.V.E system operates independently and it doesn’t interfere with the technical operations of other E-Pay and GHL merchant acquiring systems and servers.
As a safety precaution, GHL advises its E.V.E users to change their passwords immediately. It also warned them not to click on suspicious links and to only update their credentials on the official site.
To recap, OMG Hackers has recently revealed that an alleged E-Pay database with 380,000 members was put on on sale on an online forum. The threat actor is offering the database of personal details including full address, date of birth, email and mobile number for USD 300 (about RM1,215).