PSA probes 'data leak,' says nat'l ID and Civil Registry not affected

The Philippine Statistics Authority (PSA) on Wednesday said it is investigating the supposed data leak involving one of its systems.

In a statement, the PSA said upon learning about an information concerning an alleged data leak, it “immediately activated its Data Breach Response Team (DBRT) and launched an investigation.”

“From the initial assessment, the system allegedly affected is limited to the Community-Based Monitoring System (CBMS),” the statistics agency said.

It added that it “is assessing what personal data from the CBMS may have been compromised and will share information with the relevant authorities and the public in due course.”

The CBMS is a data gathering system at the local level which serves as a basis in targeting households in the planning, budgeting, and implementation of government programs geared towards poverty alleviation and economic development, such as the flagship Pantawid Pamilyang Pilipino Program.

In response to queries, the National Privacy Commission (NPC) confirmed that the PSA submitted a breach notification on October 10, 2023.

The PSA, in particular, said it has coordinated with the Compliance and Monitoring Division of the NPC, the National Computer Emergency Response Team-Philippines (NCERT-PH) of the Department of Information and Communications Technology (DICT), and the Anti- Cybercrime Group of the Philippine National Police (PNP) in relation to this matter.

Sought for comment, DICT Secretary Ivan John Uy declined to divulge further details, adding that “I don’t want to compromise our current investigation on this development.”

Nevertheless, the PSA said it is taking additional preventive and containment measures to ensure the security and integrity of all systems and databases that it manages, including shutting down and isolating the system known to have been affected.

Moreover, the statistics agency noted that it “assures the public that the Philippine Identification System (PhilSys) and the Civil Registration System (CRS) have not been affected.”

The data leak on PSA came on the heels of the ransomware attack on the Philippine Health Insurance Corp. (PhilHealth).

“The PSA warns the public that social media posts with the alleged sample data include links that contain malware that may be used by cybercriminals and bad actors to perpetuate other illicit acts. Therefore, the public is strongly advised not to click on such links,” the statistics agency said.

“The PSA strongly condemns this activity, and we will be working with all law enforcement agencies to apprehend the perpetrators,” it said.

The PSA said it is committed to ensuring the integrity of its data and confidentiality of the information collected through its surveys, censuses, PhilSys and CRS.

“In line with this, the agency, in collaboration with all authorities, continues to maintain and strengthen its technical, organizational, and physical security measures,” it said. —KBK, GMA Integrated News