On Sunday, October 8, an actor on Facebook posted download links to data files belonging to the Philippine Statistics Authority (PSA) and potentially to the Department of Science and Technology’s (DOST) OneExpert system and the Philippine National Police (PNP) Forensic Group.
The Philippine Statistics Authority released an official statement on Wednesday afternoon, Oct. 11, acknowledging the alleged data breach and leak.
The PSA stated that it immediately activated its Data Breach Response Team (DBRT) and launched an investigation. It also stated that it is coordinating with the National Privacy Commission (NPC), the National Computer Emergency Response Team-Philippines (NCERT-PH) of the Department of Information and Communications Technology (DICT), and the Philippine National Police Anti-Cybercrime Group (PNP ACG).
Based on its initial assessment, the PSA said the breach appears to be limited to the Community-Based Monitoring System (CBMS) and that the Philippine Identification System (PhilSys) and the Civil Registration System (CRS) have not been affected.
In the same series of Facebook posts, the actor published download links to potential data from the OneExpert portal of the Department of Science and Technology (DOST), a Web-based nationwide pool of science and technology experts.
Researchers who examined the files found entries that matched the public full names of some experts on the Web portal and contained private e-mail addresses. Another file referring to “clients” contained full names, regions, and e-mail addresses.
A download link to an archive file referring to the Philippine Forensic Group was also published in the same posts, and may contain sensitive data.
Contacts at DOST, NCERT-PH, the PNP Anti-Cybercrime Group and Forensic Group have been made aware of these additional potential leaks.
Researchers also found that the links posted by the Facebook actor contained malware and were hosted on a website notorious for delivering multiple forms of malware.
The public is strongly discouraged from visiting the file download links, as visitors may be infected with dangerous malware just by opening the links and in turn become victims themselves.
By downloading the data, members of the public may also violate the Data Privacy Act of 2012 and the Cybercrime Prevention Act of 2012. Moreover, illicit files downloaded from leaks by hackers may themselves contain malware and infect those who download them.