The National Privacy Commission (NPC) has launched an investigation into an alleged data breach concerning G-Xchange, Inc., the operator of the mobile wallet GCash, following reports that surfaced online on October 26.
The investigation was prompted by a post on a dark web forum by a threat actor using the alias “Oversleep2351,” who allegedly offered to sell user information. The claimed stolen data reportedly includes basic user data, GCash account numbers, linked bank and virtual card accounts, and full Know Your Customer (KYC) records, such as names, addresses, employment details, and valid Philippine IDs.
In response, the NPC’s Complaints and Investigation Division has issued a Notice to Explain (NTE) to G-Xchange, Inc. to obtain further details about the alleged incident. A clarificatory conference has also been scheduled.
In a statement NPC has advised the public to exercise heightened vigilance.
GCash denies breach
In a separate statement, GCash said that it immediately launched an investigation with its cybersecurity experts and relevant authorities to verify the online post claiming user information was being sold.
Initial forensic analysis, according to the company, shows “no compromise in GCash systems” and that the “data under circulation does not match official records or customer information.”
The mobile wallet operator detailed that initial findings reveal the alleged dataset does not match the data structure used within GCash systems. Furthermore, analysis indicated that it included individuals who are not GCash users, and that “many entries appear incomplete, inconsistent, or invalid.” These findings, GCash stressed, “strongly indicate that the material being circulated did not originate from GCash.”
The company assured the public that there is “no evidence of any breach in GCash systems” and that all customer accounts and funds remain secure. GCash pledged to continue working closely with the Bangko Sentral ng Pilipinas (BSP), the National Privacy Commission (NPC), and the Cybercrime Investigation and Coordinating Center (CICC) to validate information and ensure systems remain protected.
Pending result of its investigation, the NPC urged users to actively monitor their accounts, regularly update their MPINs and passwords, and enable additional security features. Users were also warned to remain alert to phishing attempts and refrain from sharing personal or sensitive data while the investigation is ongoing.
GCash also urged users to only report any suspicious activity through official channels, including the GCash Help Center (https://help.gcash.com), the customer service chatbot Gigi on the GCash app, or the GCash hotline at 2882.
