The Philippines is facing an alarming rise in cyberattacks as artificial intelligence (AI)–driven deception and data leaks fuel a wave of digital crimes against individuals and institutions.
According to Viettel Cyber Security’s Q3 2025 Cyber Threat Landscape Report, the country saw a 49% increase in data breaches from the previous quarter, with more than 52 million user credentials exposed between July and September 2025.
Released in time for Cybersecurity Awareness Month, the report marks the first time a private cybersecurity firm has issued a quarterly threat assessment focused solely on the Philippines — underscoring growing concern that the country’s rapid digitalization is outpacing its cybersecurity readiness.
“Cybersecurity isn’t about fear, it’s about foresight,” said Thomas Luu, Viettel Cyber Security country manager. “As the Philippines accelerates toward digitalization faster than ever, the importance of security must not be overlooked. Innovation without protection only increases vulnerability. Cybersecurity is not a cost — it’s an enabler of sustainable digital growth.”
The report warns that AI and deepfake technologies are transforming the landscape of cybercrime. Criminals now use AI-generated videos, cloned voices, and fake executive communications to deceive employees, partners, and customers.
These tactics, coupled with AI-assisted malware, have made attacks more precise and harder to detect — signaling what the firm calls “an era of industrialized deception.”
Key findings from Q3 2025 include:
- 76 data breach incidents, up 49% from the previous quarter.
- 4.3 million compromised accounts, a 73% rise from Q2.
- 7,656 phishing attacks, 31% targeting the banking and finance sectors.
- 27 new software vulnerabilities affecting commonly used workplace platforms.
The healthcare industry emerged as the most targeted sector, driven by the value of patient data and the rise of digital health systems.
Hospitals and clinics have become prime targets for ransomware attacks that can paralyze operations and compromise medical records.
The finance and e-commerce sectors also continue to face persistent phishing, credential theft, and data exfiltration.
Meanwhile, manufacturing, energy, and public service providers are increasingly exposed to ransomware, supply-chain compromises, and advanced persistent threats (APTs).
Beyond large organizations, ordinary Filipinos are also falling victim. Stolen personal data are being reused in fake job listings, e-commerce scams, and fraudulent loan applications.
Small businesses have been hit with phishing invoices disguised as messages from legitimate suppliers, while individuals who reuse passwords are at heightened risk.
Viettel Cyber Security urged both government agencies and private firms to adopt a proactive and layered approach to cybersecurity, centered on:
- Regular patching and software updates to eliminate known vulnerabilities.
- Offline data backups and disaster recovery plans to ensure business continuity.
- Employee training to strengthen human defenses against phishing and scams.
- 24/7 threat monitoring or the use of managed Security Operations Center (SOC) services for rapid response.
