The Philippine Statistics Authority (PSA) confirmed on Wednesday, Oct. 11, that its IT system was hacked but claimed the breach was only limited to its Community-Based Monitoring System (CBMS) based on its initial assessment.
In a statement, the PSA said it is assessing what personal data from the CBMS may have been compromised and vowed to share information with the relevant authorities and the public due time.
“The agency is taking additional preventive and containment measures to ensure the security and integrity of all systems and databases that it manages, including shutting down and isolating the system known to have been affected,” it said.
The PSA assured the public that the Philippine Identification System (PhilSys) and the Civil Registration System (CRS) have not been affected.
The information on the data breach first cropped up on Oct. 7 when it posted by an unknown individual on social media. This triggered the PSA to activate its Data Breach Response Team (DBRT) and launched an investigation.
It then posted a data breach notice on Oct. 10 with the Compliance and Monitoring Division of the National Privacy Commission (NPC), and coordinated with the National Computer Emergency Response Team-Philippines (NCERT-PH) of the Department of Information and Communications Technology (DICT), and the Anti- Cybercrime Group of the Philippine National Police (PNP).
The incident comes after the massive hacking attack launched against PhilHealth, another government agency, in late September and celebration of the Cybersecurity Month this October by the DICT.
The PSA warned the public that social media posts with the alleged sample data include links that contain malware that may be used by cybercriminals and bad actors to perpetuate other illicit acts.
“Therefore, the public is strongly advised not to click on such links,” the agency said, adding that it is now working with law enforcement agencies to apprehend the perpetrators.
“The PSA is committed to ensuring the integrity of its data and confidentiality of the information collected through its surveys, censuses, PhilSys and CRS,” it said.
