ADVERTISEMENT
Manila Bulletin devider Business devider Banking & Finance devider GCash denies 8-million user data breach, even as NPC launches investigation

GCash denies 8-million user data breach, even as NPC launches investigation

Published Oct 27, 2025 12:18 pm
Mobile wallet giant GCash has denied reports that its users' personal data was compromised and allegedly sold on the dark web, asserting that its systems remain intact and that no data breach has occurred.
In a statement on Monday, Oct. 27, GCash said that initial forensic analysis “shows no compromise in GCash systems” and that the “data under circulation does not match official records or customer information.”
The fintech firm said it immediately launched a probe with cybersecurity experts, which found no evidence to support the data breach claims. GCash explained that the user dataset allegedly sold illegally was inconsistent with the company's records.
The alleged dataset being sold reportedly includes detailed Know Your Customer (KYC) information—such as names, addresses, employment details, and valid Philippine IDs—along with linked bank accounts and GCash numbers.
According to online reports, the seller claims the data dump contains up to eight million users and is offered in bundles priced up to $25,000, payable only through Monero (XMR) cryptocurrency.
“Initial findings show that the alleged dataset does not match the data structure used within GCash systems,” the company reported. “Further analysis reveals that it includes individuals who are not GCash users, and that many entries appear incomplete, inconsistent, or invalid. These findings strongly indicate that the material being circulated did not originate from GCash.”
GCash maintained that there is no evidence its systems were compromised and that the accounts and funds of its clients remain secure.
Meanwhile, the National Privacy Commission (NPC) has launched its own immediate investigation into the claims involving G-Xchange, Inc., the operator of GCash.
The NPC also released a statement on Oct. 27, urging the public to exercise heightened vigilance over the circulating claims.
The agency’s Complaints and Investigation Division has issued a Notice to Explain (NTE) to G-Xchange and has scheduled an online conference to discuss the incident further.
As of 10:30 a.m. on October 27, 2025, the NPC confirmed it had not yet received an official data breach notification from the company. The regulatory body warned that if its investigation confirms a compromise, it will take regulatory and enforcement action under the Data Privacy Act of 2012.
GCash said it continues to coordinate with the Bangko Sentral ng Pilipinas (BSP), the NPC, and the Cybercrime Investigation and Coordinating Center (CICC) to further validate the data circulating online.

Related Tags

National Privacy Commission GCash G-Xchange Inc.
ADVERTISEMENT
.most-popular .layout-ratio{ padding-bottom: 79.13%; } @media (min-width: 768px) and (max-width: 1024px) { .widget-title { font-size: 15px !important; } }

{{ articles_filter_1561_widget.title }}

{{ item.title }}
.most-popular .layout-ratio{ padding-bottom: 79.13%; } @media (min-width: 768px) and (max-width: 1024px) { .widget-title { font-size: 15px !important; } }

{{ articles_filter_1562_widget.title }}

{{ item.title }}
.most-popular .layout-ratio{ padding-bottom: 79.13%; } @media (min-width: 768px) and (max-width: 1024px) { .widget-title { font-size: 15px !important; } }

{{ articles_filter_1563_widget.title }}

{{ item.title }}

{{ articles_filter_1564_widget.title }}

{{ item.title }}
.mb-article-details { position: relative; } .mb-article-details .article-body-preview, .mb-article-details .article-body-summary{ font-size: 17px; line-height: 30px; font-family: "Libre Caslon Text", serif; color: #000; } .mb-article-details .article-body-preview iframe , .mb-article-details .article-body-summary iframe{ width: 100%; margin: auto; } .read-more-background { background: linear-gradient(180deg, color(display-p3 1.000 1.000 1.000 / 0) 13.75%, color(display-p3 1.000 1.000 1.000 / 0.8) 30.79%, color(display-p3 1.000 1.000 1.000) 72.5%); position: absolute; height: 200px; width: 100%; bottom: 0; display: flex; justify-content: center; align-items: center; padding: 0; } .read-more-background a{ color: #000; } .read-more-btn { padding: 17px 45px; font-family: Inter; font-weight: 700; font-size: 18px; line-height: 16px; text-align: center; vertical-align: middle; border: 1px solid black; background-color: white; } .hidden { display: none; }
function initializeAllSwipers() { // Get all hidden inputs with cms_article_id document.querySelectorAll('[id^="cms_article_id_"]').forEach(function (input) { const cmsArticleId = input.value; const articleSelector = '#article-' + cmsArticleId + ' .body_images'; const swiperElement = document.querySelector(articleSelector); if (swiperElement && !swiperElement.classList.contains('swiper-initialized')) { new Swiper(articleSelector, { loop: true, pagination: false, navigation: { nextEl: '#article-' + cmsArticleId + ' .swiper-button-next', prevEl: '#article-' + cmsArticleId + ' .swiper-button-prev', }, }); } }); } setTimeout(initializeAllSwipers, 3000); const intersectionObserver = new IntersectionObserver( (entries) => { entries.forEach((entry) => { if (entry.isIntersecting) { const newUrl = entry.target.getAttribute("data-url"); if (newUrl) { history.pushState(null, null, newUrl); let article = entry.target; // Extract metadata const author = article.querySelector('.author-section').textContent.replace('By', '').trim(); const section = article.querySelector('.section-info ').textContent.replace(' ', ' '); const title = article.querySelector('.article-title h1').textContent; // Parse URL for Chartbeat path format const parsedUrl = new URL(newUrl, window.location.origin); const cleanUrl = parsedUrl.host + parsedUrl.pathname; // Update Chartbeat configuration if (typeof window._sf_async_config !== 'undefined') { window._sf_async_config.path = cleanUrl; window._sf_async_config.sections = section; window._sf_async_config.authors = author; } // Track virtual page view with Chartbeat if (typeof pSUPERFLY !== 'undefined' && typeof pSUPERFLY.virtualPage === 'function') { try { pSUPERFLY.virtualPage({ path: cleanUrl, title: title, sections: section, authors: author }); } catch (error) { console.error('ping error', error); } } // Optional: Update document title if (title && title !== document.title) { document.title = title; } } } }); }, { threshold: 0.1 } ); function showArticleBody(button) { const article = button.closest("article"); const summary = article.querySelector(".article-body-summary"); const body = article.querySelector(".article-body-preview"); const readMoreSection = article.querySelector(".read-more-background"); // Hide summary and read-more section summary.style.display = "none"; readMoreSection.style.display = "none"; // Show the full article body body.classList.remove("hidden"); } document.addEventListener("DOMContentLoaded", () => { let loadCount = 0; // Track how many times articles are loaded const offset = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]; // Offset values const currentUrl = window.location.pathname.substring(1); let isLoading = false; // Prevent multiple calls if (!currentUrl) { console.log("Current URL is invalid."); return; } const sentinel = document.getElementById("load-more-sentinel"); if (!sentinel) { console.log("Sentinel element not found."); return; } function isSentinelVisible() { const rect = sentinel.getBoundingClientRect(); return ( rect.top < window.innerHeight && rect.bottom >= 0 ); } function onScroll() { if (isLoading) return; if (isSentinelVisible()) { if (loadCount >= offset.length) { console.log("Maximum load attempts reached."); window.removeEventListener("scroll", onScroll); return; } isLoading = true; const currentOffset = offset[loadCount]; window.loadMoreItems().then(() => { let article = document.querySelector('#widget_1690 > div:nth-last-of-type(2) article'); intersectionObserver.observe(article) loadCount++; }).catch(error => { console.error("Error loading more items:", error); }).finally(() => { isLoading = false; }); } } window.addEventListener("scroll", onScroll); });
Join Our Newsletters

Sign up by email to receive news.

© 2025 Manila Bulletin The Nation's Leading Newspaper. All Rights Reserved.