BJMP: No sensitive data compromised after cybersecurity breach

By Christopher Lloyd Caliwan

April 7, 2024, 11:14 am

MANILA – The Bureau of Jail Management and Penology (BJMP) has denied hackers’ claim that they compromised the bureau’s private data intended to be “securely protected.”

The BJMP made the statement following the cybersecurity breach on its website perpetrated by the Philippines Exodus Security (PHEDS), a hacker group known for targeting government websites.

"We assure the public that there are no personal and sensitive data compromised in the said breach," the BJMP said in a news release on Sunday.

It said the website is currently under maintenance, alongside expedited plans for migration to a more secure platform.

Upon discovering the breach, the BJMP Directorate for Information and Communications Technology Management (DICTM) launched a comprehensive investigation and implemented prompt measures to mitigate its impact.

Among the initial steps taken, the DICTM initiated password changes and conducted an inventory to assess any potential data loss.

Subsequent validation revealed that the unauthorized access was facilitated by outdated security patches, for which the Content Management System (CMS) platform no longer provided technical support.

The PHEDS’ cyberattack on BJMP’s website was announced on X (formerly Twitter) by Deep Web Konek, a group identifying itself as cybersecurity enthusiasts monitoring Dark web activities in the Philippines.

According to media reports, PHEDS claimed its “team has compromised your databases, gaining access to private data that it is intended to be securely protected.”

Meanwhile, the city government of Marikina on Sunday said it regained control of its hacked Facebook page last month.

In a Marikina PIO FB page post, Mayor Marcelino Teodoro thanked the National Bureau of Investigation, Philippine National Police- Anti-Cybercrime, and the Department of Information and Communications Technology (DICT)-Cybercrime Investigation and Coordinating Center for helping them recover the Facebook page.

“Ito na muli ang gagamiting official FB Page ng Marikina City na maghahatid sa inyo ng mga importanteng balita, anunsyo at serbisyo publiko (This is the same FB page that will be used by Marikina City to disseminate important news, announcements and services to the public),” Teodoro said.

He said the hacking incident has affected a lot of city government’s services, including the dissemination of information on tax payment schedules.

The Marikina PIO's Facebook account has over 1 million followers, including non-residents.

Last week, hackers also attacked the Department of Science and Technology (DOST) website.

The cyberattack, the DICT said, is possible ransomware or a political attack, with the DOST’s system locked out and encrypted by the threat actors.

While the extent of the hack is still being investigated, DICT spokesperson, Assistant Secretary Renato ‘Aboy’ Paraiso has said the hackers might have no access to the compromised data themselves. (PNA)