President Ferdinand Marcos Jr. has ordered the Department of Information and Communications Technology (DICT) to beef up its defense against cybercriminals, as he expressed concern over recent data leaks in government agencies.
“Yesterday, the President called up and he’s really very afraid of what’s happening here. And he actually told us that we should really beef up our defenses,” DICT Undersecretary Jeffrey Ian Dy said in an interview with Dobol B TV.
Dy said Mr. Marcos wants to know the technical details of the data breach incidents in government agencies.
“[The President said] we shouldn’t be reacting after the fact, we should be preparing before it happens,” Dy said, adding that Mr. Marcos committed to help the agency to fight cybercriminals.
Meanwhile, the Philippine Statistics Authority (PSA) said Friday that the perpetrators of the data breach on its Community-Based Monitoring System (CBMS) a week ago will soon be brought to justice.
In a statement, PSA said an investigation into the causes and scale of the incident is being conducted jointly with the DICT National Computer Emergency Response Team-Philippines (NCERT-PH), the Philippine National Police (PNP) Anti-Cybercrime Group, the National Bureau of Investigation (NBI) Cybercrime Division, and the National Privacy Commission (NPC) Compliance and Monitoring Division.
“The PSA and aforementioned partners are working tirelessly to prevent the further disclosure of data. Leads for the identification of the bad actors have been provided to the PNP and the NBI for further action,” it said.
Besides the Philippine Health Insurance Corp. (PhilHealth), Dy confirmed that the Philippine Statistics Office, the Department of Science and Technology, and the PNP were hacked.
According to Dy, there are some 10,000 experts’ data involved in the DOST hacking incident, while the PNP was an old issue.
In a separate statement, Renato Paraiso, spokesperson of DICT, said the NCERT collected relevant logs from the PSA for thorough analysis and is currently probing the extent of the data breach, and if personal identifiable information may have been compromised.
From the PSA’s initial assessment, Paraiso said the system allegedly affected by the breach is limited to the Community-Based Monitoring System.
“The DICT confirms that the incident at PSA was not a ransomware attack and that it is pursuing pertinent actions to apprehend the threat actor responsible for the data leak,” Paraiso said.
“As the DICT conducts its investigation of the logs obtained from PSA, the Department urges the public to refrain from sharing posts that contain links to the alleged PSA data samples,” he added.
Paraiso said the public is warned that those who click the said links could risk introducing malware to their devices, while those found guilty of sharing leaked data may face penalties under the Data Privacy Act of 2012.
“Further, we urge the public to implement cyber hygiene practices and remain vigilant against phishing and scam attempts,” he said.
Paraiso said the DICT reaffirms its willingness to continuously extend its support and provide technical assistance and advice to government agencies in addressing their cybersecurity challenges, with the hopes that said agencies would implement the recommendations forwarded by the Department.
“We would like to stress that individual government agencies still bear the principal responsibility of ensuring the protection and security of their computer systems, infrastructure, and sensitive data entrusted to them by the public,” he added.