NPC: Data of 597 DOST workers compromised in hacking incident

By Raymond Carl Dela Cruz

April 8, 2024, 6:22 pm

MANILA – An investigation by the National Privacy Commission (NPC) has found that the personal data of approximately 597 employees of the Department of Science and Technology (DOST) have been compromised following the hacking of its system last week.

In a statement on Monday, the NPC said an on-site investigation at the DOST Central Office was made by the NPC-Complaints and Investigation Division (CID) on April 4 and found that the breach potentially exposed personal information such as names, gender, civil status, and addresses of these individuals.

“The data dump uploaded by the threat actor included several resumes of individual applicants to DOST. The NPC-CID is currently engaged in a thorough analysis of the data dump to fully determine the extent of the breach and assess associated risks,” it said.

The NPC warned the public against accessing, downloading, or sharing the uploaded data dump without “legitimate purpose or proper authorization.”

“Such actions may constitute unauthorized processing of personal data, which is punishable by law,” it said.

On Thursday, the Department of Information and Communications Technology (DICT) reported that the DOST hack was possibly a ransomware or political attack, with the DOST’s system locked out and encrypted by the attackers.

While the attack is the largest hack against the government to date at two terabytes, he said the impact is relatively small compared to past attacks, such as against the Philippine Health Insurance Corporation (PhilHealth). (PNA)