House probe on hacking, data breach at gov’t agencies sought
By LLANESCA T. PANTI, GMA Integrated News Published February 29, 2024 3:50pm Progressive lawmakers on Thursday sought a congressional inquiry into multiple incidents of hacking and data breach involving several government agencies. In filing House Resolution 1690, members of the Makabayan bloc noted the state’s policy to protect the fundamental human right of privacy and […]
By LLANESCA T. PANTI, GMA Integrated News
Progressive lawmakers on Thursday sought a congressional inquiry into multiple incidents of hacking and data breach involving several government agencies.
In filing House Resolution 1690, members of the Makabayan bloc noted the state’s policy to protect the fundamental human right of privacy and of communication while ensuring free flow of information to promote innovation and growth.
They cited information from global cybersecurity firm Kaspersky Security Network (KSN) ranking the Philippines fourth in the global ranking of countries most targeted by web threats in 2023 and the top in Southeast Asia.
“An extensive data breach in early 2023 revealed 817.54 gigabytes of records belonging to both applicants and employees across various government agencies, including the Philippine National Police (PNP), National Bureau of Investigation (NBI), Bureau of Internal Revenue (BIR), and Special Action Force (SAF) has put the personal information of millions of Filipinos at risk,” the lawmakers said.
They also cited the following incidents that took place since last year:
- the hacking of the Facebook page of Philippine Statistics Authority in Central Visayas (PSA-7) on February 22, 2023;
- the Philippine Health Insurance Corporation being attacked by ransomware named Medusa in September 22, 2023, which resulted in at least 13 million members’ personal information being uploaded on the dark web, with the culprits demanding $300,000 or P17 million in exchange for restoring computer access;
- the Department of Science and Technology (DOST) confirming a data leak incident concerning the OneExpert website involving personal information, including names and email addresses of technical experts as well as users’ email addresses on October 12, 2023;
- the Senate of the Philippines website receiving a spike of cyber attacks on the same day the House of Representatives’ web portal was defaced by hackers on October 18, 2023
- the official Facebook page of the Department of Social Welfare and Development in Central Visayas (DSWD-7) being taken over by hackers on January 23
The resolution also mentioned that no less than Department of Information and Communications Technology (DICT) spokesperson Renato Paraiso had said in a radio interview that the mailboxes of DICT, the website of National Coast Watch Center, and the personal website of President Ferdinand “Bongbong” Marcos Jr. were among the targets of unsuccessful hacking operations in January by hackers believed to be based in China.
The lawmakers also mentioned in their resolution the discovery of Jeremiah Fowler, a researcher at cyber-security firm vonMentor, of a non-password protected cloud storage database connected to the Online Voucher Application (OVAP) program of the Department of Education (DepEd), which supposedly exposes total of 210,020 records and documents.
“The reported data breach necessitates urgent investigation and action as it not only jeopardizes the personal data of individuals affected but also ensures data privacy and security is paramount in maintaining public trust and protecting national security mandated by these government agencies,” the lawmakers said.
Those who filed the resolution were House Deputy Minority Leader France Castro of ACT Teachers party-list, House Assistant Minority Leader Arlene Brosas of Gabriela party-list, and Kabataan party-list lawmaker Raoul Manuel.
“Now, be it resolved, that the House of Representatives conduct an investigation into the reported data breach incidents which have caused violations of the Data Privacy Act, Cybercrime Prevention Act, and other pertinent laws caused by various hackers and perpetrators,” the lawmakers said.
The Philippines’ Cybercrime Prevention Act of 2012 punishes offenses against the privacy, confidentiality, integrity, and availability of computer data and systems, such as illegal access, unauthorized interference, system interference, data interference, misuse of devices, and cybersquatting. —KBK, GMA Integrated News