E-wallet firm GCash on Monday, October 27, reassured clients that their funds are secure following reports of an alleged data leak involving one of the country’s leading digital payment services.
Several reports have claimed a data leak involving GCash users’ private information, allegedly being sold by a threat actor named ‘Oversleep8351.’ The data reportedly includes account numbers, addresses, employment details and other personal information.
In a statement, GCash acknowledged the allegations that its customers’ data was being sold on the dark web. The company, however, said there is no evidence of any data breach.
‘Upon swift investigation of our cybersecurity experts, the alleged dataset does not match data from GCash systems. Additionally, many entities are incomplete, invalid, or do not belong to GCash users,’ it said in a statement posted on social media.
‘These findings strongly indicate that the data being circulated did not originate from GCash,’ it added.
The mobile wallet giant said it will coordinate with the Bangko Sentral ng Pilipinas, the National Privacy Commission (NPC), and the Cybercrime Investigation and Coordinating Center. The NPC said it would investigate the alleged data leak and urged customers to stay vigilant with their information.
‘GCash users should actively monitor their accounts, regularly update their MPINs and passwords, and enable additional security features to protect their information. They must also remain alert to phishing attempts and refrain from sharing personal or sensitive data while the investigation is ongoing,’ the NPC said.
GCash has previously faced reports of unauthorized transactions in 2024, which affected some of its customers’ funds.