Manila, Oct. 27 -- The National Privacy Commission (NPC) is investigating the alleged data breach involving G-Xchange, Inc., the operator of GCash.

Reports of the data leak allegedly involving GCash surfaced online on Oct. 25.

"The NPC has immediately launched an investigation after a dark web post appeared claiming to sell user information," the NPC said in a statement Monday.

The NPC said the post, made by a threat actor using the alias "Oversleep8351," allegedly offers merchant and basic user data, GCash account numbers, linked bank and virtual card accounts, and KYC (Know Your Customer) records containing names, addresses, employment details, and valid Philippine identification cards.

The NPC's Complaints and Investigation Divisio...