In response to online claims that user data from GCash had been sold on the dark web, GCash has issued a clear assurance: there is currently no evidence of any data breach in our systems, and all user accounts and funds remain safe and secure.
Here’s what happened and what you should know:
- The National Privacy Commission (NPC) launched an investigation after a post surfaced online claiming that millions of records—user account numbers, linked bank and virtual card info, KYC details—were listed for sale.
- GCash’s tech team found that the dataset circulating did not match its systems; many entries were incomplete, invalid or did not correspond to GCash users.
- GCash is working closely with the NPC, the Bangko Sentral ng Pilipinas (BSP) and the Cybercrime Investigation and Coordinating Center (CICC) to monitor and validate the situation.
- Despite GCash’s reassurances, the NPC advised users to stay vigilant: monitor accounts, regularly update MPINs/passwords, enable extra security features and watch for phishing attempts.