HQ/EMEAFind out how we can help your business
A cybersecurity alert has spread in the Philippines regarding the Filipino government and law enforcement agencies experiencing a massive data breach incident.
According to reports, over 1.2 million critical data from the Philippine National Police (PNP), Bureau of Internal Revenue (BIR), National Bureau of Investigation (NBI), Special Action Force Operations Management Division (SAF), and Civil Service Commission (CSC) are involved in this breach.
With a total of 817.54GB of data, this exposed information from the Filipino government agencies includes fingerprint scans, tax identification numbers (TIN), tax filing records, birth certificates, passport copies, and academic transcripts, among other records.
The leaked databases owned by the affected Filipino government agencies are stored in a heavily unsecured environment.
More details about the issue explained that the exposed government files from the affected Filipino agencies are in an unsecured cloud environment, without a password encrypting it. The researchers also added that anyone with an internet connection could easily access these exposed databases, thus imperiling classified data to malicious actors.
It was also revealed that it had been about six weeks since the database had been left exposed and unsecured. While the PNP’s Anti-Cybercrime Group (ACG) officers have yet to validate initial reports about this issue, experts recommend a full forensic audit to understand the data breach incident’s scope and impact completely.
As underlined by security researchers, a wide range of cyberattack activities like phishing and identity theft could transpire over the compromised information, especially since it belonged to the police, officials, and members of law enforcement.
Furthermore, having discovered that these critical government records are stored in an unsecured environment online could imply potential national security issues looming over the Philippines. Cybercriminals could also leverage these exposed data to target authorities for blackmail attacks or other malicious schemes.
Notices have been sent to the affected government agencies. The Philippine National Computer Emergency Response Team acknowledged the alerts and said to investigate the issue.
