Over 1 million records from NBI, PNP, other agencies leaked in huge data breach

By: Sofia Abrogar - @inquirerdotnet - Inquirer.net | April 19,2023 - 03:50 PM

MANILA, Philippines — A total of 1,279,437 records from law enforcement agencies, including police employee records, were left exposed in a massive data breach, according to a report published by cybersecurity research firm VPNMentor on Tuesday.

The breach was of an unprotected database containing 817.54 gigabytes of both applicant and employee records under multiple state agencies, including the Philippine National Police (PNP), National Bureau of Investigation (NBI), Bureau of Internal Revenue (BIR), Special Action Force Operations Management Division, and Civil Service Commission.

Exposed records include personal information such as fingerprint scans, birth certificates, tax identification numbers (TIN) and tax filing records, educational transcript records, and passport copies.

Internal directives addressing law enforcement officers were also exposed in the data breach.

“As an example, these would be orders from the top leadership of how to enforce what laws and what gets priority or additional training that is needed etc… I cannot further confirm or verify the accuracy or authenticity of these documents contained within this database. As such, I cannot guarantee that the contents of the documents are accurate or reliable,” writes cybersecurity researcher Jeremiah Fowler, who authored the report.

Fowler reported that these government documents were stored in an unsecured, non-password-protected database “readily accessible to individuals with an internet connection” and left vulnerable to potential cyberattacks or encryption via ransomware. While Fowler recorded no current indication of such attacks, he emphasized that law enforcement officers are endangered when their personal documents are left in the open.

“Any data breach that exposes personal information belonging to police and members of law enforcement or other officials can be dangerous. Individuals whose data is exposed could be potential victims of identity theft, phishing attacks, and a range of other malicious activities,” stressed Fowler.

“The availability of government records in an unsecured database raises concerns about potential national security issues. The exposed records could also potentially allow criminals to target members of law enforcement for blackmail or other schemes,” he added.

This database was left exposed for a minimum of six weeks, according to the report. However, Fowler recommended that a full forensic audit be conducted to “fully understand the extent and impact of the breach.”

ACG Public Information Officer Capt. Michelle Sabino told INQUIRER.net that the group has yet to validate the research firm’s report.

INQUIRER.net has requested further comments from the PNP, but has yet to respond as of posting time.

RELATED STORIES:

PH firms among most vulnerable to cyberattacks, says Kroll report

Balancing cybercrime prevention and data privacy

Indonesia probes suspected data breach on COVID-19 app

JPV
Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

Read Next

Disclaimer: The comments uploaded on this site do not necessarily represent or reflect the views of management and owner of Cebudailynews. We reserve the right to exclude comments that we deem to be inconsistent with our editorial standards.

TAGS: breach, data, NBI, PNP, Records
Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our regional newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

We use cookies to ensure you get the best experience on our website. By continuing, you are agreeing to our use of cookies. To find out more, please click this link.