Hundreds of thousands of documents from the Office of the Solicitor General (OSG) containing sensitive information were made accessible to the public in a data breach last month, a British cybersecurity firm said.
According to TurgenSec Ltd., some 345,000 documents were accessible to anyone with a browser and internet connection until April 28, 2021.
It said the files included staff training documents, internal passwords and policies, staffing payment information, and financial processes and audits.
According to its website, TurgenSec is based in London and offers "top information security products."
GMA News Online has reached out to the OSGeneral for comment via email, but no response has been received as of posting time. It has also reached out to the National Privacy Commission (NPC), but a representative was not immediately available for comment.
For its part, the Department of Justice (DOJ) said it has not received official information on the supposed data breach, but it will be ready to assist the OSG which it said is already looking into the reported incident.
"I understand that the OSG is now looking into this alleged data breach. The DOJ has not received any such information through official channels but will be ready to assist the OSG, if necessary," Justice Secretary Menardo Guevarra said on Monday.
TurgenSec said the several hundred files were also titled with presumably sensitive keywords such as "private," "confidential," "witness," and "password."
Broken down, TurgenSec found that most of the files or 93,677 were under the PDF format; 64,245 were documents; 683 were powerpoints; 36,731 were spreadsheets, and 567 were database dumps.
In terms of sensitive keywords, 165 contained "private"; 108 had "witness"; 28 had "confidential"; 27 had "password"; and five had "strategy."
For sensitive topics, 753 were reportedly involving the "Opposition" and 63 on "Pangilinan," but was not clarified if it was indicating Senator Francis "Kiko" Pangilinan who heads the Liberal Party.
Other sensitive topics include rape (774); execution (437); child (143); trafficking (135); abuse (123); weapon (48); quarantine (29); COVID (28); NICA/intelligence (10); military (four); and nuke (one).
"This data breach is particularly alarming as it is clear that this data is of governmental sensitivity and could impact on-going prosecutions and national security," TurgenSec said in a writeup on its website.
"An unknown third party has this data and it is likely now in the hands of malicious actors who would do considerable damage with it if mitigation steps are not taken," it added.
TurgenSec said it emailed the SolGen and the Philippine government on March 1 and March 24, but it did not receive any response.
"The breach was closed by the 28th of April, presumably using information provided by TurgenSec," the British firm said. —KBK, GMA News