Mobile wallet giant GCash has issued a strong denial following allegations that a database containing the sensitive information of millions of its users was being sold on the dark web. The company, operated by G-Xchange, Inc., stated that an internal investigation found no evidence of a system breach and that all customer accounts and funds remain secure.
The allegations surfaced on October 25, 2025, when a threat actor using the alias “Oversleep8351” posted on a dark web forum. The post claimed to be selling a database of more than 7 million GCash users, purportedly including account numbers, linked bank details, and full “Know Your Customer” (KYC) records such as names, addresses, and valid Philippine IDs.
GCash’s Response: Data Mismatch
In an official statement, GCash confirmed it was aware of the post and had immediately launched a forensic investigation with cybersecurity experts.
The company’s key findings are:
- No System Match: The alleged dataset “does not match the data structure used within GCash systems.”
- Invalid Data: A deeper analysis revealed that the dataset “includes individuals who are not GCash users” and contains many entries that are “incomplete, inconsistent, or invalid.”
- Conclusion: GCash stated these findings “strongly indicate that the material being circulated did not originate from GCash.”
The company emphasized that it is coordinating closely with the Bangko Sentral ng Pilipinas (BSP), the National Privacy Commission (NPC), and the Cybercrime Investigation and Coordinating Center (CICC) to validate the information and to ensure that its systems remain protected.
Regulators Launch Investigations
Both the NPC and the CICC have launched independent probes into the matter.
The NPC confirmed it had issued a “Notice to Explain” to G-Xchange, Inc. and scheduled a conference to get more details. The privacy watchdog urged GCash users to remain vigilant, update their MPINs, and be on the alert for any phishing attempts.
The CICC’s initial assessment appears to support GCash’s findings. The agency reported that the data in question “appear to be recycled information,” suggesting it could be older, previously exposed data repackaged to look like a new breach, and that it “do[es] not originate from GCash’s systems.”
GCash has reassured the public that its platform remains secure and that customer funds are safe.
