All the funds affected by what it called "sophisticated phishing" already should have been returned, a spokesperson for GCash has said.
According to Joseph Morong's report on "Saksi", more than 1,000 GCash accounts out of 81 million subscribers have been affected.
It said the incident was isolated and that there were no glitches in the system.
"This is a phishing incident and not hacking... The fraudster attempted to link a device," GCash vice president for corporate affairs Gilda Maquilan said.
GCash's investigation showed that the phishing operation gathered information and used the one-time-passwords generated simultaneously on May 8.
Its security detected the suspicious transactions and shut down the system.
"We have a protocol in place that’s why we were able to arrest and mitigate this," Maquilan said.
GCash is now coordinating with institutions where the funds have been deposited to determine the identity of the account holder.
"We will not stop here. So obviously ang kalaban natin is fraudsters. Dito naman pumapasok yung partnership natin with the NBI and the PNP. So we will pursue them," Maquilan said. —Sherylin Untalan/NB, GMA Integrated News