How to deal with leak of Comelec data, according to ICT rights group

Netizens on Thursday expressed concern and panic after an independent site launched a searchable database of alleged voter data from the Commission on Elections.

After issuing an apology on the leak, Comelec spokesperson James Jimenez asked the public not to use the site and search for their names.

Democracy.Net.PH, an internet and ICT (information and communications technology) rights advocacy organization, posted tips to help Filipinos from identity theft, given the personal information that have been brought out in the open.

Here are some tips as posted on their Facebook page:

• If you can do it safely, evaluate, through access of the website USING A PROTECTED NETWORK AND A PROTECTED COMPUTER (your firewalls and antivirus software should be properly updated), the degree of compromise by the publication of the database information.
• Knowing what are at risk, take immediate steps to strengthen online accounts.
• Immediately increase privacy and security levels for email accounts, banking and financial portals, social network accounts and other user interfaces. Wherever possible, enable 2-factor authentication (2FA) for your accounts.
• Immediately change all security questions and all answers to security questions to information that cannot be guessed from the compromised database.
• For example, change all “what is your mother’s maiden name” or “what is the name of the street you used to live in” to other security questions.
• For better account security, ensure the use of synonyms and alphanumeric combinations for answers; for instance, an answer “baguio” is better typed “bagu10",” or even better, “B@gu!0”.
• For even better account security, use misdirective or erroneous answers that are not difficult to remember; for instance, if you use the question “what was the name of your first pet?” use the name of a former boss or teacher.
• When possible, and through the use of the telephone, make arrangements for your banks and similar institutions to contact you prior to any transaction being allowed to go through, or to have a means of allowing you to authenticate your transaction.
• Take steps to ensure the security of personal information may be the subject of identity theft:
• As soon as practicable, secure your authenticated NSO birth certificate and other identity certificates, and renew your NBI clearance to have basic identity information in case of a challenge due to identity theft attacks.
• If possible, renew identity cards (e.g., PRC and other IDs), passports, and licenses, as these are the documents typically compromised by identity theft attacks.
• Instruct your local human resources representative or equivalent to be strict in the non-disclosure of your personal information without formal request and without your permission.
• Protect yourself from social engineering attacks:
• Do not open, share, or forward suspicious emails, or click suspicious links. Protect your computers with updated antivirus and firewall software.
• Do not share your personal information unless you absolutely trust the recipient.
• Share your cybersecurity practices with your family and friends; the weakest link in a social network is the one person who did not protect himself or herself.

Democracy.Net.PH added that in the event of a personal data privacy attack, social engineering attack, or cyberattack, contact the National Bureau of Investigation (NBI) Office of Cybercrime, the Philippine National Police Anti-Cybercrime Group (ACG), and the Privacy Commission as soon as possible.

Check out the information below:

DOST ICT Office
Office of Deputy Executive Director for Cybersecurity
Ground Floor, ICTO Building
Carlos P. Garcia Avenue
U.P. Campus, Diliman
1101 Quezon City
Tel: (632)920-0101 local 1200

National Bureau of Investigation
Cybercrime Division
Taft Avenue, Manila
Tel: (632)523-8231 to 38 local 3454, 3455
Email: ccd@nbi.gov.ph

Philippine National Police
PNP-ACG Operations Center
Camp Crame, Quezon City
Tel: (632)414-1560
Fax: (632)414-2199
Email: info@acg.pnp.gov.ph

DOJ Office of Cybercrime
Padre Faura Street
Ermita, Manila
Tel: (632)521-8345 and (632)524-2230
Email: cybercrime@doj.gov.ph

—NB, GMA News