MANILA, Philippines — Philippines’ Mobile wallet provider GCash said its initial investigation found no signs of a data breach in its systems, following reports that alleged user information had been posted for sale on a dark web forum.
According to GCash, a threat actor had claimed to possess and sell records containing eKYC (electronic Know Your Customer) data, linked bank accounts, and mobile wallet numbers. The dataset purportedly included information from 2019 up to October 2025, allegedly covering both individual and merchant accounts, with details such as names, addresses, occupations, and even valid government IDs.
However, in a statement released Monday, the company said that after conducting forensic analysis, the alleged dataset does not align with GCash’s internal data structure.
“Our initial findings show that the dataset includes individuals who are not GCash users, with many entries appearing incomplete or inconsistent. This strongly suggests that the data did not come from GCash,” the company said.
GCash emphasized that there is currently no evidence of any system compromise, assuring users that all funds and accounts remain secure.
The fintech firm added that it is coordinating with the Bangko Sentral ng Pilipinas (BSP), the National Privacy Commission (NPC), and the Cybercrime Investigation and Coordinating Center (CICC) to further validate information and strengthen system protection.
Meanwhile, the NPC announced that it has initiated a formal probe into the matter. The agency confirmed issuing a Notice to Explain to G-Xchange Inc., the operator of GCash, to obtain more details regarding the reported incident.
“If the investigation confirms that GCash user data has been compromised, the NPC will take appropriate enforcement actions under the Data Privacy Act of 2012,” the agency stated.
The NPC also reminded users to remain cautious by regularly checking their accounts, updating MPINs and passwords, and enabling extra security features.
“The NPC will release verified updates as soon as more information becomes available. In the meantime, the public is advised to avoid spreading unverified claims online,” it added.