Over 1M records from NBI, PNP, other agencies leaked in massive data breach | Inquirer News

Over 1M records from NBI, PNP, other agencies leaked in massive data breach

/ 02:37 PM April 19, 2023

MANILA, Philippines —A staggering 1,279,437 records belonging to law enforcement agencies, including sensitive police employee information, have been compromised in an unprecedented data breach, as revealed by a report from the leading cybersecurity research company VPNMentor on Tuesday.

The massive data hack, which exposed 817.54 gigabytes of both applicant and employee records under multiple state agencies, including the Philippine National Police (PNP), National Bureau of Investigation (NBI), Bureau of Internal Revenue (BIR), and Special Action Force (SAF), has put the personal information of millions of Filipinos at risk.

Article continues after this advertisement

Exposed records encompass highly sensitive data such as fingerprint scans, birth certificates, tax identification numbers (TIN), tax filing records, academic transcripts, and even passport copies.

FEATURED STORIES
A total of 1,279,437 records from law enforcement agencies, including police employee records, were left exposed in a massive data breach, according to a report published by cybersecurity research firm VPNMentor on Tuesday.

Sample of a criminologist accreditation, police clearance form, and BIR identification card, all available on the exposed database.

Sample of a criminologist accreditation, police clearance form, and BIR identification card, all available on the exposed database.

Internal directives addressing law enforcement officers were also exposed in the data breach.

“As an example, these would be orders from the top leadership of how to enforce what laws and what gets priority or additional training that is needed etc… I cannot further confirm or verify the accuracy or authenticity of these documents contained within this database. As such, I cannot guarantee that the contents of the documents are accurate or reliable,” writes cybersecurity researcher Jeremiah Fowler, who authored the report.

Article continues after this advertisement

Fowler reported that these government documents were stored in an unsecured, non-password-protected database “readily accessible to individuals with an internet connection” and vulnerable to cyberattacks or ransomware. Fowler noted that law enforcement officers are at risk when their personal documents are exposed, but no such attacks have occurred.

Article continues after this advertisement

“Any data breach that exposes personal information belonging to police and members of law enforcement or other officials can be dangerous. Individuals whose data is exposed could be potential victims of identity theft, phishing attacks, and a range of other malicious activities,” stressed Fowler.

Article continues after this advertisement

“The availability of government records in an unsecured database raises concerns about potential national security issues. The exposed records could also potentially allow criminals to target members of law enforcement for blackmail or other schemes,” he added.

This database was left exposed for a minimum of six weeks, according to the report. However, Fowler recommended that a full forensic audit be conducted to “fully understand the extent and impact of the breach.”

Article continues after this advertisement

PNP Public Information Office Chief Rederico Maranan relayed to INQUIRER.net a message from Anti-Cybercrime Group Director Police Brig. Gen. Sidney Hernia, stating that the cybercrime unit is still conducting vulnerability assessment and penetration testing.

“We cannot categorically say at this time that there was leaked applicants’ data… We also requested complete access logs from the PNP Recruitment and Selection Service (PRSS) to evaluate those logs,” he stated.

RELATED STORIES:

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

PH firms among most vulnerable to cyberattacks, says Kroll report

Balancing cybercrime prevention and data privacy

Indonesia probes suspected data breach on COVID-19 app

JPV/abc
TAGS: BIR, data breach, NBI, PNP‎, Records

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.