A CYBER expert trying to help government discovered last January that there was an unprotected database containing more than a million identity documents, private records, management memorandums, and directives involving officials, personnel, and applicants in the Philippine National Police (PNP).
Jeremiah Fowler of the vpnMentor website, who realized the potential harm the situation may bring to the government and the public, promptly notified the authorities about the anomaly. The public’s access to the site was restricted only six weeks following Fowler’s notice.
The report said a staggering 1,279,437 records of the Philippine National Police, the National Bureau of Investigation, Bureau of Internal Revenue, Civil Service Commission, and PNP Special Action Force comprising 817.54 gigabytes have been compromised. It said the breached data included fingerprint scans, birth and marriage certificates, educational records and transcripts, diplomas, tax filing records, passports, and police IDs.
‘This incident shows the need for government offices to maintain top security for all data they handle, specially those who have had experience in being hacked, such as the Commission on Elections and the Presidential Communications Office.’
The vpnMentor is a team of 257 cybersecurity researchers, writers and editors, formed in 2014 to helping take back online freedom. The members are based in over 20 countries all over the globe and they work with data privacy agencies and computer emergency response teams to identify cyber-threats and help protect data of businesses and organizations.
This report is totally concerning because the alleged data breach was “readily accessible to individuals with an internet connection” and vulnerable to cyberattacks or ransomware.
Needless to say, law enforcement officers are at risk when their personal documents are exposed, but private persons and organizations also stand to suffer with their identities and bank accounts open to scammers.
“Any data breach that exposes personal information belonging to police and members of law enforcement or other officials can be dangerous. Individuals whose data is exposed could be potential victims of identity theft, phishing attacks, and a range of other malicious activities,” Fowler said.
“The availability of government records in an unsecured database raises concerns about potential national security issues. The exposed records could also potentially allow criminals to target members of law enforcement for blackmail or other schemes,” he added.
Official response from the PNP on this potential cyberspace disaster came from Anti-Cybercrime Group Director Police Brig. Gen. Sidney Hernia, who said the cybercrime unit is still conducting vulnerability assessment and penetration testing. He said they cannot categorically say at this time that there was leaked applicants’ data, so they requested the complete logs from the PNP Recruitment and Selection Service (PRSS) for evaluation.
This incident shows the need for government offices to maintain top security for all data they handle, specially those who have had experience in being hacked, such as the Commission on Elections and the Presidential Communications Office. A forensic audit of all government-owned public data is in order, whether vpnMentor advised this or not.