THE DEPARTMENT of Information and Communications Technology (DICT) confirmed on Wednesday that it is now investigating another cyberattack, this time on the Philippine Statistics Authority (PSA). Separately, the National Privacy Commission (NPC) said it received a breach notification from the PSA on Tuesday.
Based on its initial assessment, the PSA said its community-based monitoring system (CBMS) has been compromised. “The PSA is assessing what personal data from the CBMS may have been compromised and will share information with the relevant authorities and the public in due course,” it added.
But the PSA assured the public that its Philippine Identification System (PhilSys) and the Civil Registration System (CRS) have not been affected by the breach.
At present, the agency is implementing additional preventive measures to ensure the security of all its systems and databases.
“The PSA immediately activated its Data Breach Response Team (DBRT) and launched an investigation. The PSA has coordinated with the Compliance and Monitoring Division of the NPC (National Privacy Commission) and the National Computer Emergency Response Team-Philippines (NCERT-PH) of the DICT,” the PSA said in a statement.
PHILHEALTH PERSONAL DATA LEAK CONFIRMED
Meanwhile, the NPC said its complaints and investigation division has completed the analysis of over 600 gigabytes worth of files that had been taken from Philippine Health Insurance Corp. (PhilHealth) data breach.
“It was determined that a portion of this data dump contained personal and sensitive personal information of PhilHealth members,” NPC said.
The NPC urged personal information controllers (PICs) and personal informations processors (PIPs), banks and non-financial institutions, hospitals and public telecommunications entities to be on heightened alert in determining fraudulent and possible use of counterfeit PhilHealth IDs.
To recall, the Information and Communications Technology department said data on millions of PhilHealth members were exposed in the PhilHealth data breach.
In September, PhilHealth was hit by a ransomware attack, with the hackers demanding $300,000 from the government in exchange for decryption keys to the data that had been held hostage.
Earlier this month, the hackers started publishing personal data including employee records, pictures, payroll details, and hospital bills. — Ashley Erika O. Jose
