DICT’s cybersecurity arm probes PNP, NBI database breach

The Department of Information and Communications Technology (DICT) is now investigating the alleged data breach involving the database of law enforcement agencies.

In a statement on Thursday, the DICT said through the Philippine National Computer Emergency Response Team (NCERT) of its Cybersecurity Bureau, it “has doubled down on its investigation on the matter.”

The agency said the NCERT started its investigation on the alleged breach after receiving links to an Azure blob storage containing sample photos of IDs, including Philippine National Police (PNP) and National Bureau of Investigation (NBI) clearances, from a security researcher last February 22, 2023.

“The said security researcher did not disclose to NCERT the source of the data and what information asset was compromised,” the DICT said.

“Further, the information sent by the security researcher is identical to what was reported by Mr. Jeremiah Fowler and which has since been credited by recent news reports,” it added

According to a report from Fowler of vpnmentor.com, a supposed leak from the PNP database comprised details of 1.2 million records of employees and applicants.

Leaked data include documents of academic and personal history such as birth certificates, educational record transcripts, diplomas, tax filing records, passports, and police identification cards.

Copies of fingerprint scans, signatures, and required documents were also found.

“The NCERT provided an incident report regarding the alleged breach to both the PNP and the NBI between 3 – 23 March 2023,” the DICT said.

The agency said it considers the incident as a “grave concern that threatened the confidentiality, integrity, and privacy of user data.”

“The Department assures the public that investigation on the matter is underway,” it said.

The DICT also urged all government agencies to increase its cybersecurity measures and to coordinate with them for further capacity building in this area.

“Cybersecurity should be a concerted effort of everyone and all agencies are encouraged to seek assistance to help secure their respective cyber assets,” it said.—AOL, GMA Integrated News