The National Privacy Commission (NPC) said Monday it launched an investigation into an alleged data leak involving G-Xchange Inc., the operator of mobile wallet GCash, following reports that user data surfaced on the dark web on Sunday.
The NPC urged the public to exercise heightened vigilance and for GCash users to actively monitor their accounts and strengthen their security measures.
The investigation began after a dark web post, allegedly made by a threat actor using the alias “Oversleep8351,” claimed to be selling various user information.
The allegedly compromised data includes merchant and basic user data, GCash account numbers, linked bank and virtual card accounts and Know Your Customer (KYC) records. These KYC records reportedly contain names, addresses, employment details, and valid Philippine IDs.
The NPC’s complaints and investigation division issued a notice to explain (NTE) to G-Xchange to obtain further details about the alleged incident.
GCash said it is investigating the online post. The company, one of the Philippines’ leading mobile wallets, said in a statement the security and privacy of its users remain its highest priority and that it immediately launched an investigation with its cybersecurity experts and relevant authorities to verify the authenticity of the claims.
“Initial findings show that the alleged dataset does not match the data structure used within GCash systems,” the company said.
GCash said the alleged data set is inconsistent with its data structure, includes non-GCash users, and contains invalid entries, “strongly suggesting the material did not originate from GCash.”
“At this time, there is no evidence of any breach in GCash systems. All customer accounts and funds remain secure,” GCash said.
The company said it is working closely with the Bangko Sentral ng Pilipinas (BSP), the National Privacy Commission (NPC) and the Cybercrime Investigation and Coordinating Center (CICC) to validate information and ensure its systems remain protected.
GCash urged users to remain vigilant and to report any suspicious activity only through official GCash channels.
“GCash remains fully committed to safeguarding customer data, strengthening our defenses, and upholding the trust of millions of Filipinos,” the company said.
