MANILA – The Department of Communications and Information Technology (DICT) and the National Privacy Commission (NPC) have begun their probes into the alleged breach of data from the Philippine National Police (PNP), the National Bureau of Investigation (NBI), and other agencies.
In a statement on Thursday, the DICT said an incident report -- made through the Philippine National Computer Emergency Response Team (NCERT) -- regarding the alleged breach has already been provided to both the PNP and the NBI between March 3 to 23.
“The NCERT started its investigation on the alleged breach after receiving links to an Azure blob storage containing sample photos of IDs, including PNP and NBI clearances, from a security researcher last 22 February 2023,” it said.
The source, it said, did not reveal where their data came from or what data have been compromised.
“The information sent by the security researcher is identical to what was reported by Mr. Jeremiah Fowler and which has since been credited by recent news reports,” it said.
The incident, it said, is considered a “grave concern that threatened the confidentiality, integrity, and privacy of user data” and assured the public that an investigation is underway.
“The [DICT] would also like to remind all government agencies to increase its cybersecurity measures and to coordinate with the DICT for further capacity building in this area,” it said.
On the other hand, the NPC on Thursday met with representatives of the PNP, the NBI, as well as other concerned agencies such as the Civil Service Commission (CSC) and the Bureau of Internal Revenue (BIR) to investigate the matter.
“In light of the alleged records leak and breach, the NPC has taken swift action and called the PNP, requiring them to provide additional information and explanation regarding the incident,” it said.
It reminded government agencies and other personal data processors of their responsibility to protect the data they collect.
“As your data privacy authority, the NPC is fully committed to protecting personal information and assures the public that we will not leave a stone unturned in getting to the bottom of this alleged breach,” it said.
Earlier, cybersecurity firm vpnMentor reported that around 1.2 million highly sensitive documents from government agencies have been exposed after the PNP allegedly fell victim to a massive hack.
The exposed data, it said, were mostly data from police applicants or existing members of the PNP, NBI clearances, records from the PNP, NBI, BIR, CSC, and other government agencies. (PNA)