The National Privacy Commission (NPC) is investigating G-Xchange, Inc., the company behind GCash, after reports of user data being sold online.
On October 26, a post on the dark web claimed to offer GCash user information, including account numbers, linked bank and card details, and personal records like names, addresses, and valid IDs.
In response, the NPC issued a Notice to Explain to G-Xchange and scheduled a clarificatory meeting. As of October 27, the agency said it has not received an official data breach report from the company.
The NPC advised users to secure their accounts by updating passwords and MPINs, enabling extra security features, and watching out for phishing scams.
GCash released a statement saying there is no evidence of a breach. The company’s cybersecurity team found that the leaked data does not match its records. Many entries were incomplete, invalid, or unrelated to GCash users.
“These findings strongly indicate that the data being circulated did not originate from GCash,” the company said. It added that all customer accounts and funds remain safe.
Also Read: GCash expands gaming payment options for Filipino players
GCash also said it is working with the NPC, Bangko Sentral ng Pilipinas (BSP), and the Cybercrime Investigation and Coordinating Center (CICC) to monitor the situation. Stay tuned for updates.
Source: 1
