MANILA (2nd UPDATE) — The House of Representatives website was breached and defaced on Sunday in the latest cybersecurity incident involving a government entity.

A "You've been hacked" message appeared on the left side of the House's landing page, www.congress.gov.ph, before noon, along with the troll face comic meme.

"Happy April Fullz kahit October pa lang!" the text also reads.

A certain 3MUSKETEERZ claimed the hacking.

In a statement, House Secretary General Reginald Velasco confirmed that the website experienced "unauthorized access" earlier Sunday.

Velasco said the House is addressing and investigating the matter with the help of the cybercrime arm of the Department of Information and Communications Technology (DICT) and law enforcement agencies.

The House website was no longer accessible as of 12:55 p.m. on Sunday.

"While we work to restore the website fully, we ask for patience and understanding. We are committed to [ensuring] the security and integrity of our digital platforms, and we will implement additional measures to prevent such incidents in the future," he said.

Velasco also urged the public to be cautious of suspicious emails or communications that claim to be from the House of Representatives.

Meanwhile, the DICT said they have been informed of the "cybersecurity incident."

"We are currently investigating the extent of the said incident and we shall provide further updates to the public as soon as they become available," the department said in a separate statement.

Government systems fall to hackers

Just this week, the Department of Science and Technology confirmed a data leak that affected its OneExpert portal. The department said no sensitive data was affected by the breach.

The Philippine Statistics Authority also fell victim to a cyberattack that affected its Community-Based Monitoring System.

The Philippine Health Insurance Corp. last month suffered a cyberattack which led it to temporarily operate manually. The group behind the ransomware attack has since leaked data from the state insurer.

• Was your PhilHealth data leaked? Check here

Watch more News on iWantTFC

On Thursday, De La Salle University said it also experienced a "cybersecurity incident" that affected the university’s on-premise-hosted applications. The university said the incident occurred on October 9, and did not affect student records and cloud-hosted applications.

• DLSU experiences 'cybersecurity incident'; student records intact

Speaking on TeleRadyo Serbisyo on Sunday morning, ScamWatch Pilipinas lead convener Art Samaniego Jr. said that cyber attacks may be motivated by hackers wanting to show that they can breach a system or by "hacktivism" — initiating an attack to send a message or further a cause.

He said the government can strengthen its cybersecurity posture by making sure intrusion detection and prevention software on its systems are updated.

Samaniego said this has to be coupled with user education to prevent carelessness that could expose a system to breaches.

"Kahit gaano katatag yung cybersecurity posture mo, pag 'yung user mo nagki-click pa rin ng link, nagpupunta pa rin sa porn sites, nagdo-download pa rin ng pirated software saka pirated videos, maha-hack at maha-hack ka pa rin," he said.

(No matter how strong your cybersecurity posture is, if your user still clicks suspicious links, visits porn sites, download pirated software and videos, it is just a matter of time that you will be hacked.)

• Expert to gov't: High time to invest in cybersecurity experts too

DICT Secretary Ivan John Uy earlier said it would appeal the decision of the House of Representatives to scrap its proposed confidential funds for 2024, which would be used to fortify the country's cybersecurity defenses.

"While cyber threats and cyber criminals are increasing… the Philippines — going against the tide of the rest of the world — is defunding our cybersecurity and is actually announcing to the world that we’re not interested in protecting our cyber borders," Uy said.

"You already saw how our PhilHealth was attacked. And there will be more of these in the coming days and weeks and coming years. That does not alarm anybody? That we are under cyber attacks?"

• PSA says National IDs, civil registry not affected by alleged data breach
• Privacy body probes 'possible negligence' in PhilHealth ransomware attack
• DOST reports data leak incident involving OneExpert portal