DICT exec: 'Unsecured' PNP recruitment portal 'not professionally developed' | Inquirer News

DICT exec: ‘Unsecured’ PNP recruitment portal ‘not professionally developed’

/ 03:07 PM April 25, 2023

DICT Secretary Ivan John Uy says the "unsecured" PNP recruitment portal was not "not professionally developed."

FILE photo: IT expert and now DICT Secretary Ivan Uy during a hearing of the Senate electoral reforms committee on May 31, 2022. Screengrab from Senate livestream

MANILA, Philippines —Secretary  Ivan John Uy of the Department of Information and Communications Technology (DICT) said that the recruitment portal that exposed over a million records of police applicants was “not professionally developed.”

Uy reaffirmed that no personal records were stolen in the recent hacking incident; only information from the Philippine National Police’s (PNP) recruitment portal was compromised.

Article continues after this advertisement

“Because it’s a recruitment portal, the public uploaded their NBI clearance, their birth certificates, their driver’s license, whatever documents that they have to submit to the recruitment portal,” the DICT official said over ANC when asked about the leaked records of more than 1.2 million PNP employees and applicants.

FEATURED STORIES

The DICT chief also clarified that the incident was not a breach of multiple government agencies but of a singular employment portal.

According to Uy, the documents were exposed due to an unsecured site rather than a hacking attempt. While the portal was created for those looking to work with the PNP, Uy did not specify which agency created it.

Article continues after this advertisement

A DICT investigation found that no information and communication technology or cybersecurity professionals were consulted by the government agency responsible for the now-defunct recruitment portal for police applicants.

Article continues after this advertisement

“During our investigation, we discovered that this site was actually not professionally developed. In fact, the IT department of that government agency was not even called in order to help design and develop the system,” Uy said.

Calling it a “mom-and-pop operation,” Uy explained that only one agency site was unprotected.

Article continues after this advertisement

Uy did not say if he was still referring to the PNP.

“They just adopted and used it without even consulting the DICT on the best practices and the international standards that should be adopted in terms of cybersecurity, data protection, and so on. So without going through all that regulatory protection mechanism, it was deployed and that’s the exposure that happened,” he narrated.

READ: Over 1M records from NBI, PNP, other agencies leaked in massive data breach

The PNP job applicants’ sensitive personal files were exposed in an unprotected database, as reported by cybersecurity researcher Jeremiah Fowler on vpnMentor on April 18. With over 1.2 million files up for grabs, individuals with internet access were apparently able to access them without a password. DICT chief Uy shut down the recruitment site, and the National Privacy Commission (NPC) is investigating.

READ: For weeks, PNP staff database was exposed – cyber expert

“The NPC has already initiated an investigation – if there were any protocols that were violated or any rules – so that the people who caused this could properly be made accountable,” he said.

Uy asked government agencies to seek assistance from DICT in developing their cyberspace infrastructures. He reminded them that DICT was created to help them adopt world standards in ICT systems. He also urged them to stop seeking help from individuals who lack the necessary credentials or certifications.

RELATED STORIES

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

Lawmakers raise data security concerns after PNP-NBI breach

IT experts’ group urges government to strengthen data protection after PNP breach

kga/abc
TAGS: data breach, DICT, NBI, PNP‎

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.