Data breaches in the Philippines surged by 49 percent in the third quarter of 2025, exposing over 52 million credentials in just three months, according to a report from Viettel Cyber Security, one of Asia’s leading cybersecurity firms.
The increase comes as the nation accelerates its digitalization efforts, with Viettel Cyber Security country manager Thomas Luu, cautioning that security should not be overlooked.
“Cybersecurity isn’t just a safeguard—it’s an enabler of sustainable digital growth,” Luu said.
“Organizations who innovate without the necessary protection in place become vulnerable to risks,” he said.
Viettel’s Q3 2025 Cyber Threat Landscape Report highlights a new wave of attacks driven by artificial intelligence and deepfake technologies.
Cybercriminals are using AI-generated videos, cloned voices and fake executive communications to deceive employees and partners, making attacks faster, more targeted and harder to detect.
The healthcare sector has emerged as the top target, led by the value of patient data and the growing adoption of digital health systems.
Hospitals and clinics are frequently hit by ransomware attacks that disrupt critical operations and compromise sensitive medical information.
Other sectors facing heightened risk include finance and e-commerce, which are exploited through phishing, credential theft and data exfiltration. Manufacturing, energy and public services are most exposed to ransomware, supply-chain compromises and advanced persistent threats (APTs).
Beyond large institutions, ordinary Filipinos are increasingly becoming victims. Leaked personal data is being reused in fake job listings, e-commerce scams and fraudulent loan applications. Small businesses are being targeted with phishing invoices disguised as messages from legitimate suppliers.
To combat these evolving threats, Viettel Cyber Security recommends a four-pronged strategy for companies: regular patching and software updates, maintaining offline data backups supported by clear disaster recovery procedures, continuous employee training to minimize human error and round-the-clock threat monitoring or the use of managed Security Operations Center (SOC) services for early detection.
“Cybersecurity has become a marker of leadership and trust, especially in an increasingly digital economy,” Luu said.
