Cyber hacking of gov’t portals ‘concerning’ — Villar

Senator Mark Villar on Wednesday condemned the multiple cyber attacks against government agencies noting that it would compromise the privacy of Filipinos.

Following the alleged data leak weeks after the hacking of Philippine Health Insurance, Villar slammed the newest cyber attack against the Philippine Statistics Authority.

Villar lamented that hacking of the digital systems of government agencies "not only compromise the country's transaction processes with these agencies but also attacks endanger the safety and privacy of Filipinos."

"These cyber attacks against government agencies are very concerning. Every time an agency is subjected to these opportunist attacks, the information of the general public is put on the verge of being released into cyberspace where it could be utilized by the wrong hands for criminal activities," he stressed.

In stressing the need to strengthen the country's cyber security, Villar earlier filed Senate Resolution 811.

Due to the Medusa ransomware cyber attack against the state's health insurer, the resolution directed the appropriate Senate Committee to conduct an inquiry into the series of hacking of the government websites.

"It is high time that we strengthen our cyberspace security as we are dealing with private and delicate information that could endanger, not just one institution, but of the general Filipino public," said Villar.

Villar's statement came after the Deep Web Konek, a group dedicated to posting "dark web" activities, reported that a "threat actor" posted on Facebook on 9 October about an alleged data leak from PSA servers.

An alleged data breach reached around 42 billion files, according to the group.

"The threat actor's goal is not to disclose the critical information from the records but to use a sample of the record database to give awareness that the security of the Philippine Statistics Authority was at some point compromised in the past and is probably still," it said.

The DWK warned that the data leak massively compromises the integrity of the security of information not only in the PSA "but also in any related government agency that contains sensitive data and information about the identities of the Filipino people."

In a statement Wednesday, the PSA said it has launched an investigation into an alleged data leak and is assessing what personal data may have been compromised.

The PSA said it has already coordinated with the Compliance and Monitoring Division of the National Privacy Commission, the National Computer Emergency Response Team-Philippines of the Department of Information and Communications Technology, and the Anti-Cybercrime Group of the Philippine National Police amid the alleged data leak.

Based on its initial assessment, PSA said the Community-Based Monitoring System was allegedly affected. Hence, it is further assessing what personal data from the CBMS may have been compromised.

PSA vowed it would "share information with the relevant authorities and the public in due course."

"The agency is taking additional preventive and containment measures to ensure the security and integrity of all systems and databases that it manages, including shutting down and isolating the system known to have been affected," it said.

The PSA also stressed that the Philippine Identification System and the Civil Registration System have not been affected by the alleged hacking.

The PSA meanwhile warned the public "that social media posts with the alleged sample data include links that contain malware that may be used by cybercriminals and bad actors to perpetuate other illicit acts."

"Therefore, the public is strongly advised not to click on such links. The PSA strongly condemns this activity, and we will be working with all law enforcement agencies to apprehend the perpetrators," it said.