"This one is really alarming."
"This one is really alarming."
Netizens have called on National Privacy Commissioner Raymond Liboro to investigate a possible breach of the LTO data base after complaints were raised that the website lisensiya.info has apparently been able to falsely associate (connect may be a better description) itself to that agency's data base.
Complainants reported that this site has insinuated a "driver's license authenticator" and a "motor vehicle authenticator" which through the mere input of a driver's license number or a motor vehicle number would trigger the showing of sensitive information they claim to be accurate and which would otherwise be available only in the secure LTO data base.
These types of information include data on the make, plate number, engine and chassis numbers, registration expiry date and name of the owner are precisely what the LTO collects from motorists during registration.
This breach, if proven true, is alarming, coming as it does in the wake of similar breaches of otherwise secure data bases in both government and the private sector. We have had reports of the hacking of such sites as those of the BDO and BPI, the two biggest banks in the country, causing undue harm to thousands of depositors and cries for more and better security protocols from the banking public.
Of course, we cannot forget the breach of the COMELEC database which saw the release of millions of voter-sensitive information just a week or two before the 2016 elections. Again, despite loud cries of better security protocols needed to be put in place, we got reports of continued hacking, triggering the unwarranted release of information from agency sites such as those of the DOH and DTI as well as government financial institutions such as the Land Bank, SSS and GSIS, to name the more recent ones, all of which contained loads of sensitive personal information.
We note that any breach of information from any site, big or small, raises all kinds of alarm bells as the same can be misused to endanger lives and properties. In the case of the banks, It can even lead to deaths and degrading of a nation's security.
We are therefore not surprised to note that as of this writing, there is information that the Privacy Commission has confirmed what netizens had suspected all along – the website lisensiya.info had neither a privacy office nor contact details of its owners. Interestingly, the same report advised that this rogue site became inaccessible almost at the same time that the real LTO site, lto.net.ph, was also down. Which brought us back reeling to the ground. What's happening here?
That uncanny coincidence has raised greater alarm on the state of our data privacy protocols and monitoring systems. These should be seriously and comprehensively investigated by Liboro and company. But it’s a feat which may not be possible anytime soon given the kind of tokenism and meager funding which have been afforded that office and our technology security enhancement efforts for sometime. It is about time we gave this sector more and proper attention before we open ourselves to serious breaches which may bring harm to our citizens and untold mayhem to our country and our way of life.
If that means getting the NBI and PNP cybercrime units in an all-out
effort to get to the bottom of this breach to bring public confidence back in our competence and efficiency in the fight against cyberthieves, here and abroad, so be it. If that means putting the DICT and all our data officers in both public and private sectors to such a level of competence and, yes, security assessment levels as in the more advanced countries, so be it.
If that means informing and educating the public about the dangers which cyber criminals can inflict on them and the country as a whole, then by all means let us provide the means to do so. In a word, let us not scrimp or spare anything to make our entry into the global technology world secure and life enhancing not a giant leap into the abyss.
