PNP employees records, directives leaked in ‘massive’ data breach, cybersecurity researcher says

A cybersecurity website reported about a supposed leak from the Philippine National Police (PNP) database which compromised details of 1.2 million records of employees and applicants. 

According to a report from Jeremiah Fowler at vpnmentor.com, the leaked data include documents of academic and personal history.

These include birth certificates, educational record transcripts, diplomas, tax filing records, passports and police identification cards. Copies of fingerprint scans, signatures, and required documents were also found.

These were from different agencies like the PNP, National Bureau of Investigation (NBI), Bureau of Internal Revenue, Special Action Force Operations Management Division,  and Civil Service Commission, amongst others.

Also contained in the leaked database were letters from court and municipal mayors’ offices recommending good moral character and certifying clear criminal records of individuals.

Some documents also contained tax identification numbers (TIN).

According to Fowler, documents of internal directives addressing law enforcement officers were also found in the leaked data.

He said any data breach that exposes personal information of law enforcement members can be dangerous.

“The availability of government records in an unsecured database raises concerns about potential national security issues,” Fowler said in his report.

“The exposed records could also potentially allow criminals to target members of law enforcement for blackmail or other schemes,” he added.

Fowler said concerned individuals could be potential victims of identity theft, phishing attacks, and a range of other malicious activities.

He added that criminals may use their identities for loans, credit, or other financial crimes using the identities of these individuals and supporting documents.

PNP’s Anti-Cybercrime Group (ACG) chief Police Brigadier General Sidney Hernia said they cannot yet confirm the data breach but their personnel are now conducting an assessment on the matter.

“We cannot categorically say at this time that there was a leaked applicants data. We are still conducting vulnerability assessment and penetration testing,” he said in a statement.

“We also requested complete access logs from [PNP Recruitment and Selection Service] to evaluate those logs,” he added. —VAL, GMA Integrated News