The National Privacy Commission (NPC) has finished its investigation into a reported data leak involving GCash, the mobile wallet service run by G-XChange, Inc. The agency found no proof that a personal data breach occurred.
The investigation started after claims surfaced that GCash user data was being sold on a dark web forum. On October 27, 2025, the NPC ordered G-XChange to submit system records and technical documents to show whether its systems were secure. The company complied, and NPC reviewed the evidence.
To confirm the findings, a live system check was held on October 29, 2025. The review covered activity from January 1 to October 29, 2025. It showed no signs of hacking, data theft, or unauthorized access. Only approved internal IP addresses interacted with GCash’s sensitive databases, including those storing biometric data used for identity checks.
The NPC said it will continue to monitor threats to personal data and enforce the Data Privacy Act of 2012. It also reminded the public to report any suspected data breaches through its website or official email.
Also Read: GCash to use InstaPay for cash-in transactions starting October 1
With this announcement, the NPC has closed the case, stating that no user data was compromised.
Source: 1
