MANILA, Philippines — The Philippine National Police had “serious lapses” after more than a million identity documents and private records of police personnel and applicants were exposed online, Department of Information and Communications Technology (DICT) Secretary Ivan Uy said on Tuesday.
Uy told reporters in Malacañang that the exposed data were from the application or recruitment portal of the PNP, saying the uploaded documents were exposed to the public.
The leaked data included clearances issued by the PNP, the National Bureau of Investigation, the Bureau of Internal Revenue and the Civil Service Commission.
But the DICT chief denied there was a “massive” data breach or hacking.
“So it’s not a hack; it’s not a breach. There was no intrusion into any government system,” he said, adding that there was a data leak due to vulnerability in the PNP’s system.
According to Uy, no data was stolen or extracted from any government or secured government database.
“It’s not a massive breach of all the different databases or anything. Definitely, there were serious lapses in procedure,” he said.
He said the employment site of the PNP had since been taken down.
He revealed that even the Information Technology Department of the PNP was not aware of the employment portal and the system in place.
“So it’s currently under investigation. In fact, even the IT department of that agency didn’t even know that there was a recruitment page there, they weren’t notified,” Uy said.
He said the National Privacy Commission had started an investigation and would recommend the appropriate charges on those liable for the exposed data.
“It’s now being investigated by the National Privacy Commission because it’s a violation of the Data Privacy Law,” he said.
He assured the public that those responsible for the data leak would be held accountable.
“They will have to be held accountable. But again, the job now is with the National Privacy Commission to study and investigate and recommend the appropriate charges,” he added. INQ