Authorities Find No Evidence of GCash Data Breach in Initial Probe

Authorities have found no indication that the personal information allegedly sold on the dark web came from GCash’s systems, according to the initial findings of the Cybercrime Investigation and Coordinating Center (CICC).

The CICC, through its Cybercrime Investigation Office, announced that its preliminary analysis showed that the datasets circulating online did not originate from G-Xchange Inc., the company that operates the popular mobile wallet platform.

“Further examination also shows that the datasets in question do not originate from GCash’s systems,” the agency said. “These findings suggest that there has been no recent compromise of GCash’s infrastructure.”

Recycled Data, Not a New Breach

The CICC said the supposed leaked information appeared to be recycled or previously available data that had been repackaged to look like newly hacked material.

The agency added that this tactic is common among threat actors who seek to generate public alarm or profit by reselling old or fabricated datasets.

Officials said that so far, there is no evidence of a fresh intrusion into GCash’s servers or network infrastructure. However, authorities emphasized that the investigation remains ongoing to ensure the platform’s continued security.

The CICC confirmed it is working closely with GCash and the Department of Information and Communications Technology (DICT) to cross-check the findings, conduct comprehensive system audits, and identify any potential vulnerabilities.

The agency also said it is tracking individuals or groups responsible for the reported exposure. Once the investigation concludes, results will be shared with the appropriate law enforcement authorities.

GCash Welcomes CICC’s Findings

In a statement, GCash expressed support for the CICC’s initial report, saying the results were consistent with its own forensic review. The company reiterated that no breach of its systems occurred.

“The findings align with our internal investigation,” GCash said. “We found no evidence of any system breach, and the alleged dataset being circulated online does not match customer information or data structures used within our systems.”

GCash assured users that all customer funds and accounts remain secure and that the company continues to implement multi-layered security measures to protect user information.

NPC Launches Separate Investigation

Meanwhile, the National Privacy Commission (NPC) confirmed that it has initiated an independent probe into the alleged data exposure. The agency has issued a Notice to Explain to G-Xchange Inc. to clarify details surrounding the claims.

As of October 27, however, the NPC said it has not received any formal data breach notification from the company.

The commission said it will continue to coordinate with the CICC and DICT to verify the authenticity of the leaked data and determine if any privacy laws were violated.

Authorities Warn Against False Online Claims

Authorities reminded the public to be wary of unverified claims circulating online, especially those spread on anonymous forums or marketplaces on the dark web — a hidden segment of the internet accessible only through specialized software like Tor, often used for illicit transactions.

Both the CICC and NPC said that official and verified updates regarding the case will be released only through government channels once investigations are completed.

Dark Web Post Taken Down

The controversy began when a post appeared on a dark web forum claiming to sell user information allegedly taken from G-Xchange Inc.

The post — which has since been taken down — claimed to include merchant and user data, GCash account numbers, linked bank and virtual card accounts, and Know Your Customer (KYC) records containing names, addresses, employment details, and copies of valid IDs.

GCash quickly denied the authenticity of the post, reiterating that no customer data was compromised. The company said it immediately launched its own probe and is cooperating fully with all concerned government agencies.

Authorities have not ruled out the possibility that the information offered online came from unrelated sources or previously leaked data sets.

Both government agencies and GCash assured the public that the country’s largest e-wallet platform remains secure and under continuous monitoring.