A reported cybersecurity incident involving the Department of Public Works and Highways (DPWH) is under investigation following claims that up to 50 gigabytes of sensitive data may have been compromised.
The incident was flagged by cybersecurity group Deep Web Konek, which reported that the DPWH appeared on a ransomware leak site linked to Bashe Ransomware (APT73).
The ransomware group claimed to have extracted around 50GB of data, including internal documents, emails, financial records and personal information.
The listing reportedly included a countdown timer indicating when the data could be released or sold, along with sample files such as identification cards and official records intended to support the claim.
The incident is believed to involve a “double extortion” tactic, in which stolen data is both threatened with public release and offered for sale.
DPWH Secretary Vince Dizon said the agency has coordinated with the Department of Information and Communications Technology (DICT) to assess the situation.
The DICT, through the Cybercrime Investigation and Coordinating Center, has launched an investigation into the alleged ransomware activity.
Dizon said initial findings indicate that DPWH’s internal systems remain secure, with no confirmed evidence that files were accessed or exfiltrated.
Authorities have yet to issue a final determination as verification continues.