The Land Transportation Office has denied that the data leak, which the National Privacy Commission is investigating, comes from the current web portal the agency is using for its Land Transportation Management System or LTMS.
The transportation agency said lawyer Romeo Vera Cruz, the concurrent Executive Director and Data Privacy Officer of the LTO reported the data breach to the National Privacy Commission on November 10, 2020.
LTO Director Asst. Secretary Edgar Galvante said the website LTO currently using for the LTMS is portal.lto.gov.ph, with “.gov.ph” as the standard domain suffix the Philippines uses for all government agencies. The website involved in the data breach is “lto.net.ph.”
A quick search on the internet revealed that the person who registered the domain name “lto.net.ph” is a certain Jefferson E. Trono and the registered company is Stradcom Corporation.
LTO is using two parallel systems at the moment; Stradcom (lto.net.ph), the IT company that handled the data of the LTO in the past and operating on a monthly basis because of an expired contract, and a new IT service provider operating the LTMS at portal.lto.gov.ph. LTO has yet to clarify why Stradcom is still in operation and why they are allowed to be in the official website of the LTO. The Stradcom domain is the one connected to the current data breach.
LTO has assured the NPC that they will cooperate with the investigation and plug the data leak immediately. The LTMS site, portal.lto.gov.ph, is secure and will have no issues when it comes to user privacy, Galvante said.