PNP seeks more time to confirm alleged data breach
MANILA, Philippines — The Philippine National Police (PNP) has sought more time to verify if its cybersecurity system was compromised in the alleged data breach of over 1.2 million records of law enforcement agencies, said the National Privacy Commission (NPC).
NPC Privacy Commissioner John Henry Naga on Thursday said the National Bureau of Investigation, Civil Service Commission, and Bureau of Internal Revenue have confirmed that there was no exposed data on their end.
“However, the Philippine National Police requested time to validate and review its systems for possible security compromise, considering that the police was [highlighted] in the report alleging the data leak,” Naga said in a statement.
READ: Statement from the National Privacy Commission regarding the reported leak of sensitive information of police personnel and other law enforcement agencies. | @AldenMonzonINQ pic.twitter.com/HXyM5H5vLS
— Inquirer Business (@InquirerBiz) April 20, 2023
The NPC, according to Naga, has also ordered its Complaints and Investigation Division to conduct an onsite inquiry on the concerned data processing system of the PNP on Monday, April 21.
Cybersecurity researcher Jeremiah Fowler, who had published a report on the alleged exposure of a massive, non-password protected database that was mostly personal data of police personnel and applicants, was likewise summoned to appear before the NPC to assist in the probe.
“The recent allegations of a data breach involving law enforcement agencies in the country should serve as a reminder that no organization, not even the government, is immune to the threat of cyberattacks. And that we should remain in constant vigilance in protecting personal data,” Naga stressed.
He urged government agencies and the private sector to not only adhere to existing regulations and standards on data privacy and security measures but also to “proactively identify and address potential vulnerabilities.”
“Even as our probe is underway, the NPC strongly demands of these government agencies, such as the PNP, to strictly comply with the Data Privacy Act of 2012, including the mandatory breach notification requirement under various NPC Circulars,” Naga added.
In 2022, digital public relations firm Reboot found that the Philippines was the ninth least cyber-secure country in Asia.
The country landed in 19th place among countries across the globe with a cyber danger score of 62.7 out of 100.