NATIONAL
Advocates Philippines
DICT, NBI Investigate Alleged 1.2 Million Database Breach
The Department of Information and Communications Technology (DICT) is already investigating the alleged data breach that reportedly compromised more than 1.2 million records of law enforcement agencies.
The government agency stated on Thursday, April 20, that it "has doubled down on its investigation on the matter" through the Philippine National Computer Emergency Response Team (NCERT) of the DICT Cybersecurity Bureau.
The DICT said that its Cybersecurity Bureau started investigating the breach after receiving links to an Azure blob storage containing sample photos of IDs, including PNP and National Bureau of Investigation (NBI) clearances, from a security researcher on February 22.
The NCERT provided an incident report to both the PNP and the NBI between March 3 to 23.
The DICT assured the public that an investigation is underway and urged government agencies to increase cybersecurity measures and coordinate with the DICT for further capacity building in this area.
The NBI has also conducted an initial investigation and concluded that the alleged breach does not involve any of their systems.
NBI said it will continue monitoring and investigating the alleged data breach, and shall find and adapt new ways to keep information safe.
The leaked records, first reported by cybersecurity research company VPNMentor, supposedly contained 1,279,437 records, totalling 817.54 gigabytes, of both applicant and employee records under multiple state agencies.
The reported data breach comprises Tax Identification Numbers (TINs), which are nine-digit identification numbers assigned to individual and corporate taxpayers in the Philippines for record-keeping and identification purposes. Additionally, the supposed database contained materials pertaining to internal directives that address law enforcement officers, whose confidential status may be uncertain.
The DICT considers the incident as a grave concern that threatened the confidentiality, integrity, and privacy of user data.
The government agency stated on Thursday, April 20, that it "has doubled down on its investigation on the matter" through the Philippine National Computer Emergency Response Team (NCERT) of the DICT Cybersecurity Bureau.
The DICT said that its Cybersecurity Bureau started investigating the breach after receiving links to an Azure blob storage containing sample photos of IDs, including PNP and National Bureau of Investigation (NBI) clearances, from a security researcher on February 22.
The NCERT provided an incident report to both the PNP and the NBI between March 3 to 23.
The DICT assured the public that an investigation is underway and urged government agencies to increase cybersecurity measures and coordinate with the DICT for further capacity building in this area.
The NBI has also conducted an initial investigation and concluded that the alleged breach does not involve any of their systems.
NBI said it will continue monitoring and investigating the alleged data breach, and shall find and adapt new ways to keep information safe.
The leaked records, first reported by cybersecurity research company VPNMentor, supposedly contained 1,279,437 records, totalling 817.54 gigabytes, of both applicant and employee records under multiple state agencies.
The reported data breach comprises Tax Identification Numbers (TINs), which are nine-digit identification numbers assigned to individual and corporate taxpayers in the Philippines for record-keeping and identification purposes. Additionally, the supposed database contained materials pertaining to internal directives that address law enforcement officers, whose confidential status may be uncertain.
The DICT considers the incident as a grave concern that threatened the confidentiality, integrity, and privacy of user data.
Apr 21, 2023
