THE militant Makabayan bloc yesterday filed a measure urging the House Committee on Information and Communication Technology to investigate, in aid of legislation, the alleged massive data breach of the records of the Philippine National Police, the National Bureau of Investigation, the Bureau of Internal Revenue and other government agencies.
Cybersecurity firm vpnMentor reported last month that there was an alleged “massive data breach” of employee and citizen records from the NBI, PNP, BIR, the Civil Service Commission (CSC) and the Special Action Force Operations Management Division.
It said the database containing the information of around 1.2 million people included highly sensitive personal information such as passports, birth and marriage certificates, drivers’ licenses, academic transcripts, and security clearance documents.
The NBI and the BIR have earlier said none of their data was leaked online.
“Even though these agencies denied that there were data breached or leaks in their system, it is still important for Congress to probe this issue because it involves national security and the privacy of our citizens,” said Rep. France Castro (PL, ACT) in filing House Resolution No. 931.
Information Technology Secretary Ivan Uy has already said that there was no breach or “intrusion into any government system,” explaining that during a check by a cybersecurity researcher, it was discovered that there was an “open” application site which did not include adequate security features and allowed access to the personal information of applicants that have been uploaded to the site, such as copies of their NBI clearance, birth certificate, identification cards, tax identification number, among others.
Uy has said the incident was immediately reported to the DICT’s National Computer Emergency Response team and the site has been taken down.
Castro however said it was not the first time that a Philippine government database was “breached,” recalling that in March 2016, there was also a massive data breach of the Commission on Elections’ website – then dubbed as “Comeleaks” – exposing personal information of 55 million Filipino voters.
The Comelec’s website then was hacked and defaced by a group called “Anonymous Philippines.”
Castro also pointed out that in November 2021, the Department of Foreign Affairs – Office of Consular Affairs (DFA-OCA) took down its Online Passport Tracker and all its data sources to “avoid further data broadcasting” after it was made aware of the data privacy issue involving the online passport tracking system.
The information technology unit of the DFA conducted an investigation and took appropriate measures to secure the data that may have been exposed at the time.
The Makabayan bloc, which is composed of Castro and party-list Reps. Arlene Brosas (Gabriela) and Raoul Manuel (Kabataan), said cases of data breach, hacking of government databases and exposure of government records “pose a national security concern.”
“Especially with the implementation of Republic Act 11055 or the Philippine Identification System Act, Republic Act 11934 or the Subscriber Identity Module (SIM) Registration Act, and the proposed law on E-Governance/E-Government, the Filipino people questions the capability of the Philippine government and even the telecommunication companies, to handle and be entrusted with their personal information, including sensitive personal information,” they said.
