NBI arrests 5 persons behind BDO hacking incident

enablePagination: false
maxItemsPerPage: 10
maxPaginationLinks: 10

Metro Manila (CNN Philippines, January 21) — Five persons believed to be behind the massive hacking incident that targeted customers of BDO Unibank last year have been arrested, the National Bureau of Investigation (NBI) said Friday.

Two of the suspects, both Nigerians, were caught in an entrapment operation in Mabalacat, Pampanga on Jan. 18. The bureau identified them as Ifesinachi Fountain Anaekwe, also known as "Daddy Champ," and Chukwuemeka Peter Nwadi.

NBI officer-in-charge Eric Distor identified the other three arrested suspects as Jherom Anthony Taupa y Diawan, Ronelyn Panaligan, and Clay S. Revillosa.

The five men were presented at a news conference, where they refused to answer questions from the NBI or the media.

The bureau said it hatched the operation after an informant, who supposedly had transactions with the suspects, voluntarily appeared to provide information about the leaders, members, or affiliates of the "Mark Nagoyo" group.

In December 2021, more than 700 customers of BDO, the country's biggest bank, fell victim to a heist perpetrated by an unidentified group of hackers. Initial reports showed the bulk of unauthorized online bank transfers from the customers' hacked accounts were allegedly done by a certain Mark Nagoyo.

The informant said the suspects were "engaged in the business of providing access devices to anyone looking for options to cash out funds fraudulently obtained." These devices included bank accounts, crypto wallets, and even point-of-sale terminals of otherwise legitimate merchants.

Taupa, the alleged mastermind, was arrested in a buy-bust operation, also on Jan. 18, in Floridablanca, Pampanga. The NBI said according to an informant, Taupa was selling "scampage" or phishing websites — particularly an imitation of the GCash page, which allowed him to steal funds from the victims' portals.

Further investigation revealed Taupa was also involved in a group heist, where he was in-charge of sending a list containing the personal details of various bank customers, the bureau added. The customers will then receive an email which includes a link that will be used for the hacking process.

Panaligan and Revillosa, meanwhile, were arrested for their involvement in the BDO fiasco as web developer and downloader, respectively, the NBI said.

It added that Anaekwe and Nwadi were presented for inquest before the Office of the Prosecutor General for Trafficking in Unauthorized Access Devices.

Taupa was also subjected to inquest procedures for violation of the Cybercrime Prevention Act of 2012, particularly Misuse of Devices, the NBI said.

There was no immediate statement from BDO.