A government investigation has found that GCash did not experience a data breach, dismissing rumors of a major leak. The National Privacy Commission (NPC) announced its conclusion following a technical review. The probe was triggered by reports that a dataset containing millions of GCash user accounts was being sold on a dark web forum.
The NPC initiated the inquiry on October 27, directing G-Xchange Inc., GCash’s operator, to provide technical documentation and submit to a live system demonstration. The company fully cooperated with the order. Forensic analysis then compared the leaked data with GCash’s verified information, finding significant inconsistencies and numerous invalid accounts.
The investigation reportedly uncovered no signs of a security intrusion. A live demonstration on October 29 allowed officials to examine critical databases, including customer identification records, from January 1 to October 29. The review confirmed that only pre-approved internal systems had accessed the data, with zero incidents of unauthorized entry.
The NPC reaffirmed its commitment to protecting public data and warned that the unauthorized sale of personal information is a crime. This finding is supported by the Cybercrime Investigation and Coordinating Center, which also found no evidence of a new breach and suggested the data was recycled from previous incidents.
The combined results from both official agencies confirm that GCash’s systems remained secure and were not compromised, providing assurance to its millions of users.