PSA system hackers just wanted to show off, didn’t ask for ransom – exec
MANILA, Philippines — For an official of the Philippine Statistics Authority (PSA), hackers of the agency’s system merely wanted to brag about their abilities as the perpetrators did not demand a ransom in exchange for the leaked information.
PSA Data Protection Officer Eliezer Ambatali said that the hackers behind the cyberattack on the agency’s Community-Based Monitoring System (CBMS) have not yet established contact.
“As of now there’s no contact yet from the hackers, asking for monetary consideration on the downloaded files,” Ambatali said in an interview with ABS-CBN News.
“Well, from the post that we have seen, it’s just to expose or to brag about that they can do these kinds of cyberattacks,” he added.
The hacking of PSA’s CBMS, which was announced on October 7, followed PhilHealth’s data breach. On October 2, the state insurer that its system was hacked and the National Privacy Commission (NPC) later described the cyberattack as “staggering.”
Article continues after this advertisementREAD: Leaked Philhealth data ‘staggering,’ says NPC
Article continues after this advertisementInitial assessments revealed that more than 730 gigabytes of PhilHealth’s data have been compromised, including personal data of its members.
Authorities said that clandestine group “Medusa” admitted to the cyberattack on PhilHealth’s system and asked for $300,000, or around P16 million, in exchange for the leaked data.
READ: PhilHealth: No ransom paid to hackers
Ambatali noted that based on initial assessments, the malware or ransomware used in the hacking of PSA and PhilHealth systems are different.
“We cannot determine that yet, but we have some leads based on the Facebook post,” he said when asked if the cyberattack on PSA was carried out by the same group.
“That’s a different, well, malicious file that was injected into our system. We don’t think for now that that is similar to the Medusa,” he added.
READ: DICT: Hacked PhilHealth data spreading on app contains malware
Nevertheless, PSA has sought the help of the Philippine National Police (PNP) and National Bureau of Investigation (NBI) on the cyberattack.
“We have coordinated with our law enforcement (units) like the Anti-Cybercrime Group of NBI and PNP, and they are looking into the angle of — all sorts of angle for the purpose of these hackers, for the purpose of using the data that they have got,” Ambatali noted.
The PSA said also on Thursday that the hacking incident affected its Community-Based Monitoring System (CBMS).
READ: PSA exec says hacked financial info from system ‘not extensive’
The CBMS was established via Republic Act No. 11315, which mandates government agencies to collect, process, and validate disaggregated data that can be used to plan programs for poverty-stricken areas. Basically, the CBMS contains data of households targeted by the government for poverty-alleviation programs.
Ambatali said financial information obtained from respondents in the CBMS are not as extensive as data collected in PSA’s other surveys.