NATIONAL
Advocates Philippines
NPC Probes Alleged GCash Data Breach; Company Assures No Evidence Of Leak, Users' Funds Safe
FILE
The National Privacy Commission (NPC) has launched an investigation into reports of an alleged data breach involving G-Xchange Inc., operator of GCash, after claims surfaced online that user data was being sold on the dark web. But GCash has assured its millions of users that there’s no evidence of any system breach and that all funds and information remain safe and secure.
In a statement released Monday, the NPC said it is looking into reports of a possible leak after a dark web user—identified by the alias “Oversleep8351”—allegedly offered to sell GCash user information, including account numbers, linked bank accounts, and even KYC (Know Your Customer) details such as names, addresses, and valid IDs.
The commission’s Complaints and Investigation Division has already issued a Notice to Explain to G-Xchange Inc. and scheduled a clarificatory conference to get more details. As of 10:30 a.m. on October 27, 2025, the NPC said it has not yet received an official breach notification from the company.
If confirmed, the NPC vowed to take regulatory action under the Data Privacy Act of 2012. It also reminded GCash users to regularly update their MPINs and passwords, enable security features, and stay alert against phishing attempts while the probe is ongoing.
Meanwhile, GCash issued its own advisory, firmly denying any confirmed breach.
“There is no evidence of any breach in GCash systems. All customer accounts and funds remain secure,” the company said, adding that their cybersecurity experts found that the alleged dataset does not match any data from GCash systems and that many of the entries were incomplete, invalid, or unrelated to GCash users.
GCash also emphasized that findings strongly indicate that the circulating data did not originate from their platform.
The company assured users it is working closely with the BSP, NPC, and the Cybercrime Investigation and Coordinating Center (CICC) to monitor and validate information from all sources and keep its systems protected.
“GCash remains fully committed to safeguarding customer data, strengthening our defenses, and upholding the trust of millions of Filipinos,” the statement added.
For now, both the NPC and GCash are urging the public to stay cautious, avoid sharing personal information online, and rely only on verified updates as the investigation continues.
In a statement released Monday, the NPC said it is looking into reports of a possible leak after a dark web user—identified by the alias “Oversleep8351”—allegedly offered to sell GCash user information, including account numbers, linked bank accounts, and even KYC (Know Your Customer) details such as names, addresses, and valid IDs.
The commission’s Complaints and Investigation Division has already issued a Notice to Explain to G-Xchange Inc. and scheduled a clarificatory conference to get more details. As of 10:30 a.m. on October 27, 2025, the NPC said it has not yet received an official breach notification from the company.
If confirmed, the NPC vowed to take regulatory action under the Data Privacy Act of 2012. It also reminded GCash users to regularly update their MPINs and passwords, enable security features, and stay alert against phishing attempts while the probe is ongoing.
Meanwhile, GCash issued its own advisory, firmly denying any confirmed breach.
“There is no evidence of any breach in GCash systems. All customer accounts and funds remain secure,” the company said, adding that their cybersecurity experts found that the alleged dataset does not match any data from GCash systems and that many of the entries were incomplete, invalid, or unrelated to GCash users.
GCash also emphasized that findings strongly indicate that the circulating data did not originate from their platform.
The company assured users it is working closely with the BSP, NPC, and the Cybercrime Investigation and Coordinating Center (CICC) to monitor and validate information from all sources and keep its systems protected.
“GCash remains fully committed to safeguarding customer data, strengthening our defenses, and upholding the trust of millions of Filipinos,” the statement added.
For now, both the NPC and GCash are urging the public to stay cautious, avoid sharing personal information online, and rely only on verified updates as the investigation continues.
Oct 27, 2025
We are dedicated storytellers with a passion for bringing your brand to life. Our services range from news and media features to brand promotion and collaborations.
Interested? Visit our
Contact Us page for more information. To learn more about what we offer, check out our latest article on services and opportunities.
