GCash claims no breach of their systems after dark web listing, National Privacy Commission investigates
Learn More
The National Privacy Commission (NPC) of the Philippines has launched an official investigation into an alleged data breach involving G-Xchange Inc., the operator of GCash, the country's dominant mobile wallet platform. T
On Monday, October 27, 2025 the cybersecurity monitoring group Deep Web Konek reported that a set of user data allegedly belonging to GCash users appeared for sale on a dark web forum over the weekend.
The listing first surfaced on October 25, 2025, posted by a dark web user operating under the alias "Oversleep8351." The post, titled "G-Xchange/GCash (GXCHPHM2XXX) User Infos by виверна".
It advertises access to what the seller claims are massive data bundles allegedly extracted from GCash systems spanning a six-year period from 2019 through October 2025.
The alleged compromised data being offered for sale reportedly includes highly sensitive personal and financial information:
- Merchant and basic GCash user accounts
- G-Xchange/GCash account numbers
- Linked financial accounts, including virtual cards and bank connections
- Verified eKYC (Know Your Customer) records containing names, addresses, and employment details
- Valid Philippine government-issued identification documents, including passports, driver's licenses, and UMIDs
The number of affected individuals is not disclosed.
The offer structure reportedly ranges from $700 USD for a bundle containing 20,000 user entries to $25,000 USD for access to the complete dataset. The seller has not provided any evidence and claims that sample data would only be provided to verified, existing clients to prevent exposure and maintain what the criminal termed "customer trust."
GCash has strongly contested the authenticity of the data and denies that any breach occurred. In their official statement, the company reported that forensic analysis of their systems confirmed the platform is secure and that the dataset circulating online did not originate from GCash systems. The company stated: "Initial findings show that the alleged dataset does not match the data structure used within GCash systems. Further analysis reveals that it includes individuals who are not GCash users, and that many entries appear incomplete, inconsistent, or invalid. These findings strongly indicate that the material being circulated did not originate from GCash."
The NPC issued a public advisory on October 27, 2025, and confirmed a launch of an official investigation. As of 10:30 AM on October 27, 2025, the NPC stated that no official data breach notification had been received from G-Xchange Inc.
