INQUIRER.net file photo
MANILA, Philippines — The alleged data breach involving over 1.2 million records of law enforcement agencies is already being investigated by the Department of Information and Communications Technology (DICT).
The government agency on Thursday said its Cybersecurity Bureau and National Computer Emergency Response Team (NCERT) have “doubled down on its investigation on the matter.”
“The DICT considers the incident as a grave concern that threatened the confidentiality, integrity, and privacy of user data. The department assures the public that investigation on the matter is underway,” it said in a statement.
The DICT also called on all government agencies to coordinate with the agency in bolstering their cybersecurity measures.
“Cybersecurity should be a concerted effort of everyone and all agencies are encouraged to seek assistance to help secure their respective cyber assets,” it stressed.
An unprotected database containing some 1.28 million identity documents and private records of personnel and applicants of the Philippine National Police (PNP) was exposed online and discovered by cybersecurity tracker vpnMentor in mid-January.
READ: For weeks, PNP staff database was exposed – cyber expert
Cybersecurity researcher Jeremiah Fowler said he immediately informed authorities about the alleged massive data breach, but it wasn’t until the second week of March – or at least six weeks later – that public access to the database was removed.
According to the DICT, the NCERT started its probe into the alleged data breach after receiving links to an Azure Blob Storage containing sample photos of identification cards, and PNP and National Bureau of Investigation (NBI) clearances from another cybersecurity researcher.
“The said security researcher did not disclose to the NCERT the source of the data and what information asset was compromised,” it noted.
The DICT then said the NCERT has since provided an incident report on the alleged data breach to the PNP and the NBI between March 3 to 23.
But the PNP on Wednesday said it “cannot categorically say at this time that there was leaked applicants’ data.”
A 2022 study by online marketing firm Reboot Digital PR Services found that the Philippines was the ninth least cybersecure country in Asia. Globally, the country ranked 19th with a cyber danger score of 62.7 out of 100.