The Philippine Statistics Authority on Thursday revealed that the data breach exposed the financial information of people from poor communities from the Community-Based Monitoring System, or CBMS.
During a television interview, PSA data protection officer Atty. Eliezer Ambatali said the CBMS holds confidential demographic data that is "not extensive."
For context, PSA said there was a data breach that occurred last week after an alleged hacker made claims on social media about the compromised system of the agency.
The state-run statistics bureau clarified that their investigation determined the data breach had a limited impact, primarily affecting a specific section of their database, specifically the CBMS.
The CBMS is a local-level data collection system that plays a crucial role in identifying households for the planning, budgeting, and execution of government initiatives. These initiatives encompass poverty reduction and economic development programs, including the Pantawid Pamilyang Pilipino Program.
The data breach at PSA occurred after a ransomware attack on the Philippine Health Insurance Corp.
As of Thursday morning, the CBMS webpage on the PSA's website remains unavailable, as the administrator has taken down specific sections that the data breach affected.
"There are demographic information in the CBMS. There are educational information. We have also collected financial characteristics not necessarily connected to an amount, and some others. For the demographic information, certainly these are confidential," Ambatali said.
"For the CBMS, it's not as extensive, the financial information, that's not extensive as the other surveys of the PSA. We collect non-income related characteristics relating to (the) financial status of our respondents," he added.
Asked about the possible motive of the perpetrators behind the cyber attack on PhilHealth, Ambatali said the intention seems to showcase or boast about their capability to carry out such cyberattacks.
Ambatali assured the public that data stored within the National Identification System and PSA's civil registry services remained unaffected by the purported hacking.
"We are confident that this attack will not affect the (Philippine Identification System), or the National ID and the civil registration databases. These databases and all other databases that (are) connected with the services of the PSA (are) not connected with the PhilSys, and the civil registration services," he said.
"In fact, we have already monitored even the non-affected (sectors), we have already monitored it, we have scanned it for some malicious activities, and we are employing right now additional security measures on all our systems," he added.