Information Technology Secretary Ivan Uy yesterday said no personal records of the Philippine National Police (PNP) and the National Bureau of Investigation (NBI) were leaked online in relation to the reported massive breach of sensitive law enforcement agencies’ data.
“So, it’s not a hack, it’s not a breach. There was no intrusion into any government system,” Uy said in an interview.
He explained that a check by a cybersecurity researcher found an “open” application site that lacked adequate security features and allowed access to personal information that applicants had uploaded to the site, such as copies of their NBI clearance, birth certificate, identification cards and tax identification number, among others.
He said this was immediately reported to the DICT’s National Computer Emergency Response Team and the site has been taken down.
“Nothing was stolen or extracted from any government or secured government database. Apparently, this is an application recruitment site where you apply for a job. Since you are applying for work on that site, you are uploading your information,” Uy said.
Uy said investigations are underway to determine, among others, who created the site and whether any protocols, laws or rules were violated.
He said it appeared that the IT department of the agency that created the recruitment site was not aware that it was created, which could explain why proper security protocols were not applied.
He said proper coordination is being done to prevent a repeat of the incident.
Cybersecurity firm vpnMentor last week reported an alleged “massive data breach” of employee and citizen records from the NBI, PNP, Bureau of Internal Revenue (BIR) and Civil Service Commission (CSC).
It said that data involving around 1.2 million people were supposedly compromised as the database included highly sensitive personal information such as passports, birth and marriage certificates, drivers’ licenses, academic transcripts and security clearance documents.
The NBI and the BIR earlier said none of their data were leaked online.