As reported by vpnMentor earlier this week, cybersecurity researcher Jeremiah Fowler discovered a non-password protected cloud storage database involving Filipino students and parents that contained 210,020 records, with a total size of 153.76 gigabytes.
Cybersecurity and data protection communities are calling on the Philippine government to expedite the implementation of the National Cybersecurity Plan 2023-2028 to protect Filipino citizens, and the country’s Critical Information Infrastructure (CII) from global and local cyber threats.
The government is working on a plan called Overhaul Greenhills Project (OG Project) to eliminate stores selling counterfeit goods in the Greenhills Shopping Center and convert it into a high-end mall with legitimate sellers.
To craft a more equitable copyright system, the Supreme Court (SC) has recommended that exemptions for small businesses be considered by Congress in addition to the existing limitations in copyright infringement cases under the Intellectual Property Code of the Philippines (IP Code).
Saying it is the first such initiative it has undertaken, the National Privacy Commission (NPC) has launched the "Na-leak ba ang PhilHealth Data ko?", a database search portal designed to help individuals verify the status of their personal information in light of the recent hacking incident against PhilHealth.
The National Privacy Commission (NPC) issued on Wednesday, Oct. 11, a “guidance” for Personal Information Controllers (PICs) and Personal Information Processors (PIPs) on the potential proliferation of counterfeit PhilHealth IDs as a result of the data leak at the agency.
The National Association of Data Protection Officers of the Philippines (NADPOP) and the Philippine Computer Emergency Response Team (PH-CERT) said regulators should already anticipate the worst-case scenario as it is better to warn Filipino consumers as soon as possible as the threat actors can already exploit the illegally accessed personal information.
While it is commendable that PhilHealth is now being transparent about the cyberattack, it is concerning that their DPO and action center utilized email addresses with @gmail.com domains for their official functions.