Senator Ramon “Bong” Revilla Jr. filed Senate Resolution 573 which seeks to investigate the reported data breach in the databases of the Philippine National Police (PNP) and other government agencies.
“Without reliable and trustworthy cybersecurity measures in place, these reported data breaches remain to have the dangerous potential of exposing individuals to identity theft, phishing attacks, and a range of other malicious activities, which will ultimately victimize the public,” Revilla said.
He added that government agencies as well as private entities may very well be endangered by the susceptibilities of our cybersecurity if left inadequate.
The senator also said data breaches in government records may lead to potential national security issues.
If unabated, the exposed data may lead to nefarious transactions such as criminals taking advantage of the leaked data to blackmail and threaten law enforcers, Revilla said.
To support his proposal, Revilla cited VPNMentor, a cybersecurity research company, which reported that a staggering 1,279,437 records belonging to law enforcement agencies.
This included sensitive police employee information, which has been compromised in an unprecedented data breach. The report was authored by cybersecurity researcher Jeremiah Fowler.
Revilla further said the data hacking reportedly exposed 817.54 gigabytes of both applicant and employee records under multiple state agencies, including the PNP, NBI, BIR and Special Action Force (SAF).
“The possibly compromised records include highly sensitive data such as fingerprint scans, birth certificates, tax identification numbers (TIN), tax filing records, academic transcripts, and even passport copies,” said Revilla said.
He said the report even revealed that the said data were available for public access for at least six weeks
“The same report highlighted that these documents were stored in an unsecured, non-password-protected database, which is easily accessible to individuals with an internet connection and highly vulnerable to cyberattacks,” Revilla said.
Furthermore, Revilla also cited Kroll, an independent risk advisory firm which shared that enterprises in the Philippines are among the most vulnerable in the Asia-Pacific region to cyberattacks that cause business interruption and even data loss. “The country came in second with the most cyberattacks in the region,” said Revilla.
In a a similar report from virtual private network service provider, Surfshark, it said the Philippines ranked 23rd out of 250 countries that were most affected by data breaches, with a total of 523,684 leaked accounts in the third quarter of 2022.
The International Data Corp.’s (IDC) Asia-Pacific Security Sourcing Survey 2022 likewise highlighted that companies in Southeast Asia recognize the need to invest in cybersecurity in the advent of heightened usage of digital platforms in their operations.
The senator emphasized that similar data breaches have been recorded in the past with government agencies being vulnerable to said attacks. He recalled that last November 2021, the Department of Foreign Affairs (DFA) reported a similar data leak in their online passport tracking system.
He said the COMELEC has also revealed in 2022 that around “60 gigabytes’’ worth of “sensitive voter information” and other data have been hacked.
Before this, a group of hackers also downloaded the personal data records of some 54 million registered voters.
“The private sector is not spared from these attacks. They are equally vulnerable to cybersecurity threats. In fact, in November 2022, it was reported that nearly 80% of companies in the Philippines have experienced data breach over a period of 12 months, with two in every five firms losing at least $500,000 to digital fraudsters.
The Cavite lawmaker said data privacy and protection is a matter of national interest and it is imperative for Congress to enact responsive policies to deter possible data breaches.
