345,000 sensitive OSG documents leaked online
MANILA, Philippines — Over 345,000 official documents, including supposed sensitive information on pending court cases and identities of witnesses, from the Office of the Solicitor General (OSG) have been made available on the internet for everyone to see.
The alleged leak was detected by London-based cybersecurity company TurgenSec, which alerted the Philippine government and the OSG about the data breach two months ago.
“This data breach is particularly alarming as it is clear that this data is of governmental sensitivity and could impact ongoing prosecutions and national security,” TurgenSec said.
“We encourage the [OSG] to submit the breached data to digital forensics specialists to ascertain the extent of this data breach and whether any file’s integrity was compromised,” it said.
Justice Secretary Menardo Guevarra on Monday raised his concern over the alleged leak of official documents from the OSG.
“The OSG handles thousands of cases in the Court of Appeals and in the Supreme Court in representation of the government, in general, and of the DOJ (Department of Justice), in particular,” Guevarra told the Inquirer.
Article continues after this advertisement‘Unknown third party’
“The DOJ, therefore, has substantial interest in finding out the cause of this alleged data breach and any prejudice to the interest of the government that such breach, if true, may have unduly caused,” he said.
Article continues after this advertisementTurgenSec said it sent emails to the Philippine government and the OSG two months ago after it “became aware” that over 345,000 documents from the primary state legal office had been made available in a “publicly accessible data store.”
TurgenSec cautioned the OSG that the leaked documents were now in the custody of an “unknown third party” and “malicious actors who could do considerable damage with it if mitigation steps are not taken.”
Easily available to anyone
It said the official documents became easily available to anyone with internet connection until the data breach was plugged by the OSG on April 28.
“This breach contained hundreds of thousands of files ranging from documents generated in the day to day running of ‘The Solicitor General of the Philippines,’ to staff training documents, internal passwords and policies, staffing payment information [and others],” TurgenSec said in a statement.
“The nature of these documents is of particular concern as it may have the potential to disrupt/undermine ongoing judicial proceedings,” it warned.
The cybersecurity company said the breach also included financial documents, audit reports and files “with presumably sensitive keywords such as ‘Private, Confidential, Witness and Password.’”
Most of the the “sensitive topics” contained in the alleged leaked documents covered “Rape” (774), “Opposition” (753) and “Execution” (437).
TurgenSec said there were also documents covering issues on human trafficking, the COVID-19 pandemic and national security, such as “terrorism/terrorist,” “weapon” and “nuke.”
Asked if he would order the OSG to submit an official report on the incident, Guevarra said: “I will appreciate it very much if the OSG will inform the DOJ of its findings, considering the big number of DOJ cases being handled by the OSG.”
He said the OSG, an attached agency of the DOJ, was already looking into the supposed data breach as reported by TurgenSec last week.