Rappler
NPC finds no GCash data breach after probe
The National Privacy Commission (NPC) concluded its investigation into alleged GCash data leaks, finding no sufficient basis to confirm a personal data breach.
The probe was initiated after a dataset, allegedly linked to GCash, appeared on a deep-web forum.
GCash complied with the NPC's orders to submit technical documents, preserve system logs, and participate in a clarificatory conference and live system demonstration.
The NPC's investigation found the data sample inconsistent with GCash's verified data structures, with several listed accounts being invalid or inactive.
A technical demonstration confirmed no unauthorized access attempts to core databases, including those with e-KYC information, and showed that only pre-approved internal IP addresses interacted with the system.
🤖
This story was generated by AI to help you understand the key points. For more detailed coverage, please see the news articles from trusted media outlets below.
News Sources
See how different news organizations are covering this story. Below are the original articles from various Philippine news sources that contributed to this summary.
The National Privacy Commission (NPC) is investigating an alleged data breach of GCash, the country's leading mobile wallet, after a dark web post claimed to be selling user data.
Read more →
GCash has denied allegations of a data breach despite claims on a dark web forum about the sale of user data impacting an estimated 7 to 8 million users.
Read more →
The Cybercrime Investigation and Coordinating Center (CICC) has cleared GCash of a data breach, concluding that the datasets sold on the dark web were fake and did not originate from the e-wallet.
+1
Read more →