2 hours ago
1
Upgrade to High-Speed Internet for only ₱1499/month!
Enjoy up to 100 Mbps fiber broadband, perfect for browsing, streaming, and gaming.
Visit Suniway.ph to learn
BDO Unibank has directly refuted a client’s viral social media claims of a system breach and insider theft, stating that unauthorized transactions on her account stemmed from security lapse involving her own device.
In a statement, BDO said an investigation into Maria Jamila Cristiana Gonzales Berenguer’s account showed it was not compromised. The bank’s inquiry found that a password was reset and a new device was registered on Sept. 14, 2025.
These actions, the bank said, were validated through a one-time password (OTP) sent to the client’s registered mobile device. The reported unauthorized transactions occurred the following day, Sept. 15.
The bank noted that Berenguer herself admitted in a television interview that her mobile device had been in the hands of other people at some point.
BDO also noted that the client’s registered mobile number, which receives official bank communication, was not changed.
“Log-in and registration alerts were sent to the client for these updates,” BDO said. "Transaction Alerts were also sent promptly on Sept. 15, 2025—six hours before the client reported the issue via the BDO Hotline.”
BDO clarified that transactions made through its BDO Pay app require a PIN or biometrics, not an OTP. The OTP is only required for device registration, a key security feature the bank said was used in this case.
The bank further stated that it has made “repeated efforts to engage the client,” but she “declined and continue[d] to post several videos that are inaccurate.”
BDO stressed that its security controls are in place and that transfer limits were not bypassed. “These controls will not work if clients ignore warning signs and messages sent by the bank through official channels,” the statement read.
BDO reiterated that its system remains secure, with no evidence of any breach or insider involvement.
