Inquirer
GCash denies data breach as privacy commission starts probe
GCash has denied allegations of a data breach despite claims on a dark web forum about the sale of user data impacting an estimated 7 to 8 million users.
The dark web post claimed the data set included merchant and basic GCash user accounts, GCash account numbers, linked accounts, and Know Your Customer (KYC) records with valid Philippine identification documents.
The alleged stolen data reportedly covered transactions and account registrations from 2019 to October 2025.
However, GCash states its initial forensic analysis shows no evidence of a breach, claiming the circulated data does not match their system's structure and contains incomplete, inconsistent, or invalid entries.
The National Privacy Commission (NPC) has launched an investigation into the alleged breach.
GCash assured customers that all accounts and funds are secure and is collaborating with the NPC and other agencies to investigate the matter.
🤖
This story was generated by AI to help you understand the key points. For more detailed coverage, please see the news articles from trusted media outlets below.
News Sources
See how different news organizations are covering this story. Below are the original articles from various Philippine news sources that contributed to this summary.
GCash has denied a data breach after reports of user data, including account numbers, linked bank accounts, and KYC records, being sold on the dark web.
Read more →
The National Privacy Commission (NPC) is investigating an alleged data breach of GCash, the country's leading mobile wallet, after a dark web post claimed to be selling user data.
Read more →