No 'concrete evidence' yet 1.2-M records were leaked - privacy watchdog | ABS-CBN
Welcome, Kapamilya! We use cookies to improve your browsing experience. Continuing to use this site means you agree to our use of cookies. Tell me more!
News
No 'concrete evidence' yet 1.2-M records were leaked - privacy watchdog
No 'concrete evidence' yet 1.2-M records were leaked - privacy watchdog
ABS-CBN News
Published Apr 21, 2023 12:27 PM PHT
|
Updated Apr 21, 2023 11:31 PM PHT
MANILA — There is no "concrete evidence" yet that more than 1.2 million records from multiple agencies were leaked, the country's privacy watchdog said Friday.
MANILA — There is no "concrete evidence" yet that more than 1.2 million records from multiple agencies were leaked, the country's privacy watchdog said Friday.
The National Privacy Commission, however, agreed with the findings of a cybersecurity firm that said the government data were unprotected.
The National Privacy Commission, however, agreed with the findings of a cybersecurity firm that said the government data were unprotected.
"At this point, we still have no concrete evidence that indeed 1.2 million records [were] leaked. What we know now is that it was left exposed," lawyer Michael Santos, chief of NPC's complaints and investigation division, told ANC's "Rundown".
"At this point, we still have no concrete evidence that indeed 1.2 million records [were] leaked. What we know now is that it was left exposed," lawyer Michael Santos, chief of NPC's complaints and investigation division, told ANC's "Rundown".
Cybersecurity firm VPNMentor reported this week the alleged "massive data breach" of employee and citizen records from the National Bureau of Investigation, Philippine National Police, Bureau of Internal Revenue and Civil Service Commission.
Cybersecurity firm VPNMentor reported this week the alleged "massive data breach" of employee and citizen records from the National Bureau of Investigation, Philippine National Police, Bureau of Internal Revenue and Civil Service Commission.
ADVERTISEMENT
According to the firm, the supposed compromised database contained highly sensitive personal information such as passports, birth and marriage certificates, drivers’ licenses, academic transcripts and security clearance documents.
According to the firm, the supposed compromised database contained highly sensitive personal information such as passports, birth and marriage certificates, drivers’ licenses, academic transcripts and security clearance documents.
"After looking at the initial artifacts... we are looking at the angle this could possibly be related to job applications or job recruitment," Santos said.
"After looking at the initial artifacts... we are looking at the angle this could possibly be related to job applications or job recruitment," Santos said.
Government agencies have begun their probe into the reported data breach, with the Department of Information and Communications Technology calling the incident a "grave concern".
Government agencies have begun their probe into the reported data breach, with the Department of Information and Communications Technology calling the incident a "grave concern".
The BIR, CSC and NBI insisted the leak did not happen in their agencies.
The BIR, CSC and NBI insisted the leak did not happen in their agencies.
"The BIR, CSC, NBI assured us after taking an internal look into their systems that... they didn't found any data breach in their systems," Santos said.
"The BIR, CSC, NBI assured us after taking an internal look into their systems that... they didn't found any data breach in their systems," Santos said.
The NPC will be conducting an onsite investigation into PNP's data processing system on Monday.
The NPC will be conducting an onsite investigation into PNP's data processing system on Monday.
"We expect first to be let into the data processing centers of the PNP to inspect their systems, to check their logs and to match data if indeed they are the ones collecting that information," Santos said.
"We expect first to be let into the data processing centers of the PNP to inspect their systems, to check their logs and to match data if indeed they are the ones collecting that information," Santos said.
"Given the set of data, of artifacts provided by the researcher, we will match it with their data processing system. If there's a match, we could possibly identify if indeed it was the processing systems of the PNP that was left exposed," he added.
"Given the set of data, of artifacts provided by the researcher, we will match it with their data processing system. If there's a match, we could possibly identify if indeed it was the processing systems of the PNP that was left exposed," he added.
Cybersecurity researcher Jeremiah Fowler found the existence of a non-password protected database through an IOT search engine.
Cybersecurity researcher Jeremiah Fowler found the existence of a non-password protected database through an IOT search engine.
He has said the database was "publicly accessible" to anyone with internet.
He has said the database was "publicly accessible" to anyone with internet.
Read More:
National Privacy Commission
NPC
privacy watchdog
watchdog
data breach
data leak
hacking
database
VPNMentor
National Bureau of Investigation
ADVERTISEMENT
ADVERTISEMENT