DICT identifies suspect in PSA data leak 

The Department of Information and Communications Technology (DICT) has identified the suspect behind the data breach that targeted the Philippine Statistics Authority (PSA), an official said Thursday.

DICT spokesperson Renato Paraiso confirmed the PSA suffered from a cyberattack, but they have yet to investigate the extent of the data leak.

“The one in PhilHealth is with Medusa. It’s a foreign and very sophisticated group. With the PSA, our suspect is somewhat local and somewhat amateurish,” Paraiso told reporters.

Data protection officer Atty. Eliezer Ambatali earlier disclosed the PSA system had been hacked, leading to a data breach of their Community-Based Monitoring System (CBMS).

The CBMS is a data-gathering system at the local level that serves as a basis for targeting households in the planning, budgeting, and implementation of government programs.

These programs cover poverty alleviation and economic development programs such as the Pantawid Pamilyang Pilipino Program (4Ps).

"There is demographic information in the CBMS. There is educational information. We have also collected financial characteristics, not necessarily connected to an amount, and some others,” Ambatali said.

According to Ambatali, the PSA learned about the data leak through a Facebook post by a user who allegedly has the concerned files.

He said the post contained some links to a drive that contains CBMS files and other links that may contain malware.

The PSA data leak came following the ransomware attack on the Philippine Health Insurance Corp. (PhilHealth).

Asked if the DICT is seeing a pattern in the hacking, Paraiso answered, “What I can confirm that we have observed is that there are definitely efforts to try and hack in and infiltrate our systems.''

“What we equally observed is marami rin nagsasamantala na individual na kunyari may na-hack na ganito…We would like to ask the public to be very vigilant and huwag masyadong magpanic. We would be very transparent; if there is an actual attack that happened, as long as we confirm it, we will tell the public right away,” he added.

(What we equally observed is that a lot of people are taking advantage of the situation. We would like to ask the public to be very vigilant and don’t panic. We would be very transparent; if there is an actual attack that happened, as long as we confirm it, we will tell the public right away.)

Paraiso also said the DICT is investigating “every angle” of the cyberattacks, including inside jobs.

“Every angle that we can come up with, we would look into, including the angle if it was an inside job,” he said.

“But again, we would be very hard-pressed to pursue any angles if the individual agencies would withhold or access data from DICT. So the extent of our report and the extent of our findings would be very limited,” said Paraiso.

The DICT official also advised the public to change passwords with unique passwords, enable multi-factor authentication on accounts, refrain from sharing personal information online, avoid clicking phishing links on emails and text messages, and use different passwords on various online accounts.

PhilSys data ‘safe’

Meanwhile, the PSA said the data on the Philippine Identification System (PhilSys) were safe from the attack, Joseph Morong reported on ''24 Oras.''

“It’s safe. Walang malaki na mga files na suspected na lumalabas sa mga databases na ito,” Ambatali said.

(It's safe. There are no important files that were allegedly leaked from the databases.) 

Services related to PhilSys and the civil registry, including birth certificates, will continue, the PSA added. —VBL, GMA Integrated News