About Us
NPC urges public vigilance following alleged GCash data leak
- Gcash, NPC
-
Photo from Pixabay
By TechWatch PH Staff
The National Privacy Commission (NPC) has urged the public to exercise “heightened” vigilance after reports of an alleged data leak involving G-Xchange, Inc., the operator of popular mobile wallet platform GCash, surfaced online on October 26.
According to the NPC, an alleged dark web post by a threat actor using the alias “Oversleep8351” claimed to be selling sensitive user information, including GCash account numbers, merchant and basic user data, linked bank and virtual card accounts, and Know Your Customer (KYC) records containing names, addresses, employment details, and valid IDs.
In response, the NPC said its Complaints and Investigation Division immediately launched a probe and issued a Notice to Explain (NTE) to G-Xchange, Inc. to obtain further details about the incident. An online clarificatory conference has also been scheduled to discuss the matter.
The commission assured the public that if the investigation confirms any compromise of GCash users’ personal data, it will take appropriate regulatory and enforcement actions under the Data Privacy Act of 2012.
GCash users are advised to monitor their accounts, regularly update their MPINs and passwords, and enable additional security features to protect their data. The NPC also reminded users to be alert against phishing attempts and to refrain from sharing personal information while the investigation is ongoing.
“The NPC will issue verified updates as soon as more information becomes available. In the meantime, the public is advised to exercise caution and avoid spreading unverified claims online,” the agency added.
Meanwhile in a statement, Gcash said that according to its initial findings showed that the alleged dataset does not match the data structure used within Gcash system.
“These findings strongly indicate that the material being circulated did not originate from GCash. At this time, there is no evidence of any breach in GCash systems. All customer accounts and funds remain secure.,” Gcash said.
“We continue to work closely with the Bangko Sentral ng Pilipinas (BSP), the National Privacy Commission (NPC), and the Cybercrime Investigation and Coordinating Center (CICC) to validate information from all possible sources and ensure that our systems remain protected. We urge users to remain vigilant and to report any suspicious activity only through official GCash channels,” It added.
READ:
Dark web ‘GCash Leak’ likely fake, forensic review finds no signs of breach