Metro Manila (CNN Philippines, April 21) — The Department of Information and Communications Technology (DICT) on Friday gave assurance there has been no hacking incident, denying reports of a “massive” breach of data concerning several government agencies.
“We need to inform the public there is no hacking incident. And there is no massive breach of multiple government agencies,” DICT Assistant Secretary Jeffrey Ian Dy told CNN Philippines in reaction to the alleged leak of over 1.2 million employee and applicant records of various institutions.
“That means a misconfiguration has caused some information to be accessible to the public. So [i]t was sitting there and it became accessible to anyone who was looking around. It was not an attempt to break security protocols of that particular government agency,” he explained.
In a report on vpnMentor, cybersecurity researcher Jeremiah Fowler said a database containing records of law enforcement agencies had been exposed for a minimum of six weeks. He warned it could be used in criminal activities and carries security risks.
The leaked documents reportedly include personal information like names, addresses, contact details, and medical records of public officials and employees.
RELATED: NPC probes ‘massive leak’ of gov’t personnel data
Dy said authorities have already identified a possible source of the leak, but did not give further details amid the ongoing investigation.
He added the government is looking at the incident “very seriously.”
“I think let’s remove the mindset na [that] when there was a leak or a breach, it’s because there were insufficient, parang may [there was some] incompetence somewhere,” the DICT official stressed.
“I understand that this is very very unfortunate but nangyayari talaga siya. So we assure the public, ang importante is we should still trust cyberspace.”
[Translation: I understand that this is very very unfortunate but this really happens. So we assure the public, the important thing is we should still trust cyberspace.]
Several government agencies tagged in the report – including the Bureau of Internal Revenue, the Civil Service Commission, and the National Bureau of Investigation – have said they found no breach within their agencies.
