Cybersecurity researcher, Jeremy Fowler, from vpnMentor allegedly found that there is a non-password protected database that contains 1,279,437 records. This data breach has, in total, exposed 817.54 GB of data. The exposed information includes records of individuals who were employed or applied to work in the law enforcement in the Philippines. Details of the Exposed Records Exposed records contain highly sensitive personal information. This personal information includes but is not limited to scans of passports, birth certificates, marriage certificates, drivers’ licenses, fingerprints, signatures, academic transcripts, tax identification numbers, and security clearance documents. Furthermore, this breach has also exposed certifications from the justice department, and the local and regional court records. Exposed records can be broadly categorized into:
These records come from multiple Philippine state agencies which includes but are not limited to, the Philippine National Police (PNP), National Bureau of Investigation (NBI), Bureau of Internal Revenue, Special Action Force Operations Management Division, and the Civil Service Commission. This is dangerous as with this exposed personal information, they could become potential victims of phishing attacks, identity theft, financial fraud and other malicious activities that can damage the reputation of the individuals affected. Philippine Government Response As of Thursday, the PNP chief Gen. Rodolfo Azurin Jr, had stated that their Anti-Cybercrime Group (ACG) has begun investigation into this alleged data breach, and are currently waiting for ACG’s report. ACG are still conducting vulnerability assessment and penetration testing, and ACG director, Hernia, stated that as of now, they “cannot categorically say there was a leaked applicant’s data”. The Department of Information and Communications Technology (DICT) has stated on Thursday that their Cybersecurity Bureau and National Computer Emergency Response Team (NCERT) have “doubled down on its investigation on the matter.” They also called on all government agencies to coordinate with DICT to strengthen their cybersecurity measures. As of today, NBI had put out a statement that said after initial investigations, they are “reasonably certain that the alleged breach does not involve any of the NBI’s systems”. They added that this is also supported by the fact that the compromised data in the data breach, are not included in their hiring and selection process. NBI also stated that “while the breached records supposedly include copies of NBI clearance IDs, these are normally released to the applicants, who may then submit or upload it for their stated purposes”. Takeaway This latest breach serves as a reminder that cybersecurity is a critical concern for all organizations, and that data breaches can happen to anyone. To protect themselves from cyber threats, it is important for organizations to implement robust security measures, including strong passwords, regular software updates, and regular backups of important data. As cybercriminals continue to become more sophisticated in their attacks, it is crucial for organizations to stay vigilant and proactive in their efforts to protect their sensitive information. Comments are closed.
|
Archives
June 2024
Categories
All
|
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED
|