GHL Systems

GHL Systems, headquartered in Malaysia, operates through its subsidiary E-Pay Malaysia to provide payment processing services via the E.V.E. platform. The organization's core function involves managing digital payment transactions, as evidenced by the E.V.E. system which handles user account information including personal details such as names, email addresses, dates of birth, and contact numbers. This subsidiary structure defines its operational footprint, with the parent company maintaining oversight while the subsidiary directly manages the payment infrastructure. The service targets users within its operational region, processing financial data as part of its electronic payment offerings. The platform's design involves collecting and storing significant personal information, positioning it within the financial technology sector where data security is critical. Its market presence is tied to this specific payment system, which serves as its primary known product. The company's activities place it within the regulated payments industry, requiring adherence to data protection standards. The subsidiary model indicates a decentralized approach to service delivery under the GHL Systems umbrella. This structure was notably referenced during a cybersecurity incident, highlighting the separation between the parent entity and its operational units. The E.V.E. platform represents the organization's main documented service interface with consumers.

In January 2021, GHL Systems acknowledged an investigation into a cybersecurity incident affecting the E.V.E. payment system operated by its subsidiary E-Pay Malaysia. The breach reportedly exposed approximately 380,000 user accounts, compromising personal data including names, email addresses, dates of birth, and contact details, while account passwords and tokens remained secured and masked. The parent company's public response emphasized that the incident was confined solely to the E.V.E. platform and did not impact other GHL Systems services or internal networks. This statement underscored the subsidiary's isolated operational environment within the broader corporate structure. The incident revealed the type of user data the organization collects and processes through its payment services. GHL Systems' handling of the situation involved confirming the investigation while limiting the scope of impact to the subsidiary's platform. The breach served as a public test of the company's incident response protocols and data segregation practices between parent and subsidiary. The acknowledgment demonstrated a degree of transparency regarding a security failure in its payment processing arm. The separation of systems, as claimed by the company, suggested compartmentalization as a risk mitigation strategy. The event remains a defining moment in the organization's documented history, illustrating both its data handling practices and its corporate communication during a security event.