Disclaimer: This article is for informational purposes only and does not constitute financial advice. BitPinas has no commercial relationship with any mentioned entity unless otherwise stated.
📬 Get the biggest crypto stories in the Philippines and Southeast Asia every week — subscribe to the BitPinas Newsletter.
Local e-wallet giant GCash denied reports claiming that user data from its platform is being sold on the dark web, assuring customers that there is no evidence of any breach in its systems and that customer accounts and funds remain safe and secure.
GCash: No Data Being Sold
In an advisory, GCash confirmed that it is aware of an online post alleging that user information is available for sale but clarified that its cybersecurity experts found no match between the alleged dataset and GCash’s system records.
“Upon swift investigation of our cybersecurity experts, the alleged dataset does not match data from GCash systems. Additionally, many entries are incomplete, invalid, or do not belong to GCash users.”
GCash
The e-wallet emphasized that these findings “strongly indicate” that the data being circulated did not originate from its platform, adding that it is working closely with the Bangko Sentral ng Pilipinas, the National Privacy Commission (NPC), and the Cybercrime Investigation and Coordinating Center to monitor the situation and ensure its systems remain protected.
“GCash remains fully committed to safeguarding customer data, strengthening our defenses, and upholding the trust of millions of Filipinos.”
GCash
NPC Probe Launched
The NPC confirmed that it has launched an investigation into the alleged data leak involving G-Xchange, Inc., the operator of GCash.
According to NPC’s October 27, 2025, press statement, the post allegedly made by a threat actor under the alias “Oversleep8351” claimed to offer merchant and basic user data, including account numbers, linked bank and virtual card accounts, and Know Your Customer (KYC) records containing names, addresses, and valid Philippine IDs.
The NPC’s Complaints and Investigation Division issued a Notice to Explain to G-Xchange, Inc. and scheduled an online clarificatory conference to gather further details about the incident.
- As of 10:30 a.m. on October 27, the NPC said it had not received any official data breach notification from the e-wallet operator.
The NPC then urged the public to exercise vigilance, monitor their accounts, update their mobile personal identification numbers (MPINs) and passwords, and remain alert to phishing attempts while the investigation is ongoing.
“GCash users should actively monitor their accounts, regularly update their MPINs and passwords, and enable additional security features to protect their information. They must also remain alert to phishing attempts and refrain from sharing personal or sensitive data while the investigation is ongoing.”
National Privacy Commission
The commission said verified updates will be released as more information becomes available, and advised the public to avoid sharing or engaging with unverified claims circulating online.
Alleged Data for Sale
According to a report made on October 25, a large cache of data allegedly belonging to G-Xchange Inc. reportedly been listed for sale on a dark web forum.
The post claims to contain sensitive personal and financial information of both merchant and regular GCash users, including verified electronic KYC (eKYC) records and linked accounts.
According to the listing titled “G-Xchange/GCash (GXCHPHM2XXX) User Infos by виверна,” the dataset purportedly includes millions of user entries spanning from 2019 to October 2025.
- The seller claims the data covers seven million to eigh million users and contains GCash account numbers, linked virtual cards and bank accounts, and eKYC details such as names, addresses, and employment information.
- The data is reportedly being offered in bundles of:
- $700 for 20,000 entries
- $500 per bundle for purchases of 200,000 entries
- $25,000 for the entire database
The seller also described the data as “not organized,” requiring buyers to manually sort records by account number or creation date.
- They also claimed to restrict sales to existing clients with verified credentials and to prohibit resale of the data to maintain “customer trust.”
- All payments are said to be accepted only in Monero (XMR), a cryptocurrency known for its privacy-focused features.
This article is published on BitPinas: GCash Denies Alleged Data Breach, Says User Information and Funds Remain Secure
What else is happening in Crypto Philippines and beyond?
