GCash said Monday it is investigating an online post alleging that user information is being sold on the dark web, although initial findings suggest the data did not originate from the financial technology company.
The company, one of the Philippines’ leading mobile wallets, said in a statement the security and privacy of its users remain its highest priority and that it immediately launched an investigation with its cybersecurity experts and relevant authorities to verify the authenticity of the claims.
“Initial findings show that the alleged dataset does not match the data structure used within GCash systems,” the company said.
GCash said the alleged data set is inconsistent with its data structure, includes non-GCash users, and contains invalid entries, “strongly suggesting the material did not originate from GCash.”
“At this time, there is no evidence of any breach in GCash systems. All customer accounts and funds remain secure,” GCash said.
The company said it is working closely with the Bangko Sentral ng Pilipinas (BSP), the National Privacy Commission (NPC) and the Cybercrime Investigation and Coordinating Center (CICC) to validate information and ensure its systems remain protected.
GCash urged users to remain vigilant and to report any suspicious activity only through official GCash channels.
“GCash remains fully committed to safeguarding customer data, strengthening our defenses, and upholding the trust of millions of Filipinos,” the company said.
