GCash reassures users: No data leak, post was fake

Mobile wallet GCash on Wednesday reiterated that its systems were not compromised and there has been no breach or leak of its customers’ data.

In a statement, GCash said that “all customer accounts and funds remain safe and secure.”

This is in connection with a post on the dark web offering GCash account numbers, linked bank and virtual card accounts, and know your customer records containing names, addresses, employment details, and valid Philippine IDs.

GCash said the post has since been deleted, “confirming assessments from both GCash and the Cybercrime Investigation and Coordinating Center (CICC) that the supposed leak was fake and involved recycled information from a previous, unrelated incident.”

The CICC said that the supposed leaked data involving GCash operator G-Xchange Inc. did not originate from the mobile wallet’s systems and that the propagated online post by the “threat actor” appear to be “recycled information,” which could be an older or previously available data “reused or reshared to appear as newly compromised material.”

“As of the evening of October 27, the dark web post has been taken down,” GCash said. 

GCash also reminded the public to avoid reposting unverified information online and to rely only on official channels for accurate updates. 

The mobile wallet added it will pursue legal action against individuals or groups spreading malicious or false claims that cause public confusion and undermine user trust. 

“Our commitment to customer safety and data security is absolute,” GCash said. 

“We thank the DICT and CICC for their leadership and partnership in ensuring a safe and secure digital financial ecosystem for all Filipinos,” it said.—AOL, GMA Integrated News