GCash says no data breach amid NPC probe on alleged leak
Gcash assured the public that there is no evidence of a data breach in their systems amid a post alleging user information is being sold on the dark web.
"Your funds and information are safe and secure," the e-wallet app said in an advisory on Oct. 27.
"Upon swift investigation of our cybersecurity experts, the alleged dataset does not match data from GCash systems. Additionally, many entries are incomplete, invalid, or do not belong to GCash users," GCash added.
It continued to say that these findings show that the data being circulated are not from GCash.
The mobile wallet also said that they are closely working Bangko Sentral ng Pilipinas, Nantional Privacy Commission, and Cybercrime Investigation and Coordinating Center for monitoring and validation of information.
Earlier, the NPC announced an investigation is ongoing after the dark web post claiming to sell user information circulated online on Oct. 26.
NPC reported that a user under the alias "Oversleep8351" made the post allegedly offering merchant and basic user data, GCash account numbers, linked bank and virtual card accounts, and KYC (Know Your Customer) records containing names, addresses, employment details, and valid Philippine IDs.
The NPC has issued a notice to explain to G-Xchange, the operator of GCash, to get more details about the alleged breach.
The commission also urged GCash users to take extra measures to secure their accounts, update passwords, and stay alert to phishing attempts among others.