Overview
A new underground-forum handle, “KANLAON,” claimed a leak tied to the Department of Public Works and Highways (DPWH), citing 231,761 document lines and 32,125 API entries. Meanwhile, separate developments are now confirmed: government and media report “ghost” flood control projects and escalating investigations by the Senate and the executive branch. Treat the data-leak claim as alleged pending forensic validation; treat the flood-control anomalies as confirmed and under formal probe (Philippine News Agency, Presidential Communications Office).
What’s actually confirmed now
- Ghost projects exist / probes active. DPWH’s prior chief Manuel Bonoan publicly acknowledged reports of ghost flood-control projects in Bulacan, while the Senate Blue Ribbon inquiry continues (Philippine News Agency, Philippine News Agency).
- Executive action. Malacañang says the President will create an independent body to investigate flood-control anomalies; the new DPWH chief Vince Dizon signaled sanctions and reviews against erring contractors (Presidential Communications Office, Presidential Communications Office).
- Operational lapses on record. A DPWH engineer admitted not inspecting projects later tagged as ghost works—underscoring oversight failures (Philippine News Agency).
What remains alleged (and why it matters)
- The DPWH data-leak claim by “KANLAON” remains unverified in official channels. Underground posts can mix real and recycled data; verification needs controlled sampling, chain-of-custody, and coordination with authorities.
- Even without confirmation, such posts are weaponizable: they seed phishing lures, credential-stuffing, and invoice fraud against public and contractor ecosystems.

What was posted (from the above image)
- Counts claimed: “231,761 lines” total; “32,125 API lines.”
- Data types claimed: credentials, emails, addresses, database artifacts.
- Narrative: ties the alleged leak to ₱306M “ghost” projects in Negros; calls for accountability.
Why this matters to the public
- Accountability vs. privacy risk. Confirmed ghost projects drive legitimate calls for reform. A data dump, if real, would additionally expose citizens and employees to scams and identity theft.
- Copycat risk. High-profile probes attract access brokers and hacktivists; claims get repackaged to fuel social-engineering.
Practical safeguards (organizations)
- Identity & OAuth hygiene: rotate high-privilege credentials; revoke stale tokens; enforce MFA across email/CRM/admin consoles.
- Email controls: fast-track DMARC to reject; add detections for PH-themed lures referencing DPWH or flood-control projects.
- Supplier verification: validate bank-detail changes out-of-band for contractors tied to public works.
- Monitoring: alert on unusual API calls, mass exports, and spikes in OAuth consents.
- Comms discipline: pre-draft a factual statement if your brand is name-checked in recycled dumps.
Practical safeguards (individuals)
- Turn on MFA for email, banking, and government portals.
- Be skeptical of messages invoking DPWH, flood-control refunds, or “verification” requests.
- Don’t reuse passwords; use a password manager.
iZOOlogic’s view
Our analysts continuously track Philippines-focused threat narratives across open and underground channels. When posts like this surface, we prioritize verification, victim-notification paths, and takedown support where appropriate.
FAQ
Q: Is the DPWH leak confirmed?
A: Not by official channels as of this writing; investigations around ghost projects are confirmed and ongoing (Philippine News Agency, Presidential Communications Office).
Q: What’s new since last week?
A: Palace announced an independent probe body; the new DPWH chief flagged stronger sanctions and reviews (Presidential Communications Office, Presidential Communications Office).
Q: How should readers interpret underground claims?
A: As signals—validate before reacting publicly; assume some lures will exploit the headlines regardless of veracity.
