DATA BREACH. Philippine National Police chief Gen. Rodolfo Azurin Jr. delivers his welcoming remark during the groundbreaking for the PNP Press Corps office and briefing room at Camp Crame in QUezon CIty on Thursday (April 20, 2023). On the sidelines of the ceremony, Azurin said the PNP is already investigating a supposed data breach that hit government agencies. (Photo by Christopher Lloyd T. Caliwan)

MANILA – Outgoing Philippine National Police (PNP) chief Gen. Rodolfo Azurin Jr. on Thursday said their Anti-Cybercrime Group (ACG) has started its investigation into the alleged massive data breach that hit law enforcement agencies and government departments as reported by cybersecurity research firm VPNMentor.

“The data breach is being investigated by our ACG. We are waiting for the report of the ACG pertaining to the data breach,” Azurin told reporters during the groundbreaking for the PNP Press Corps office and briefing room held at Camp Crame in Quezon City.

ACG director Brig. Gen. Sidney Hernia, for his part, said they have already requested complete access logs from the PNP Recruitment and Selection Service (PRSS).

“We are still conducting vulnerability assessment and penetration testing. We cannot categorically say at this time that there was a leaked applicant’s data,” Hernia said in a statement shared with reporters by PNP Public Information Office chief Col. Redrico Maranan.

The breach has exposed 817.54 gigabytes of data involving 1,279,4237 records not only from the PNP but also from the National Bureau of Investigation (NBI), Professional Regulation Commission (PRC), Civil Service Commission (CSC) and the Bureau of Internal Revenue (BIR), among others.

The VPNMentor included in its report on Tuesday redacted copies of documents that were allegedly compromised such as certifications of board rating, national police clearance certificates and Bureau of Internal Revenue cards.

Also compromised were employee and applicant identification records, scanned and photographed copies of birth certificates, diplomas, tax filing records, passport and police identification cards and education record transcripts.

The breach also exposed certifications from the justice department as well as local and regional court records.

The VPNMentor said that any data breach that exposes personal information belonging to police and members of law enforcement or other officials can be dangerous as they could be potential victims of identity theft, phishing attacks, and other malicious activities.

“It would be easy for criminals to apply for loans, credit or other financial crimes using the identity of these individuals and supporting documents,” it said.

The cybersecurity research firm said criminals can also target members of law enforcement agencies for blackmail and other schemes

“Due to the amount of time from when the exposure was discovered, reported and finally closed, it is unclear exactly how long the database was publicly accessible or if anyone else may have accessed it,” it said. (PNA)