MANILA, Philippines —A staggering 1,279,437 records belonging to law enforcement agencies, including sensitive police employee information, have been compromised in an unprecedented data breach, as revealed by a report from the leading cybersecurity research company VPNMentor on Tuesday.
The massive data hack, which exposed 817.54 gigabytes of both applicant and employee records under multiple state agencies, including the Philippine National Police (PNP), National Bureau of Investigation (NBI), Bureau of Internal Revenue (BIR), and Special Action Force (SAF), has put the personal information of millions of Filipinos at risk.
Exposed records encompass highly sensitive data such as fingerprint scans, birth certificates, tax identification numbers (TIN), tax filing records, academic transcripts, and even passport copies.
By infosecbulletin
/ Tuesday , October 29 2024
The Indian Cyber Crime Coordination Centre (I4C) has warned about illegal payment gateways set up by transnational cyber criminals using...
Read More
By infosecbulletin
/ Monday , October 28 2024
With a festive look and the participation of more than one hundred participants from Bangladesh cyber industry, another successful cyber...
Read More
By infosecbulletin
/ Monday , October 28 2024
Fazle Hassan Anik hacked girls' Facebook accounts to steal sensitive pictures, which he used to blackmail them for money. He...
Read More
By infosecbulletin
/ Sunday , October 27 2024
Bangladeshi Social media posts have raised concerns about unauthorized withdrawals from bank accounts, affecting at least 7 to 8 people...
Read More
By infosecbulletin
/ Friday , October 25 2024
Cybersecurity researcher Jeremiah Fowler found a non-password-protected database with 115,000 records linked to the UN Trust Fund to End Violence...
Read More
By infosecbulletin
/ Friday , October 25 2024
Cisco announced updates on Wednesday to fix a security flaw in its Adaptive Security Appliance (ASA) that is currently being...
Read More
By infosecbulletin
/ Wednesday , October 23 2024
White hat hackers at the Pwn2Own Ireland 2024 contest by Trend Micro's Zero Day Initiative earned $500,000 on the first...
Read More
By infosecbulletin
/ Tuesday , October 22 2024
In today's rapidly changing cybersecurity environment, organizations encounter numerous complex threats targeting endpoints and networks. CrowdStrike and Fortinet have partnered...
Read More
By infosecbulletin
/ Tuesday , October 22 2024
Sophos, based in the UK, is to acquire Secureworks, a Nasdaq-listed company, for $859 million in cash from Dell Technologies....
Read More
By infosecbulletin
/ Monday , October 21 2024
The Internet Archive was breached again, this time through their Zendesk email support platform, following warnings that threat actors had...
Read More
Sample of a criminologist accreditation, police clearance form, and BIR identification card, all available on the exposed database.
Sample of a criminologist accreditation, police clearance form, and BIR identification card, all available on the exposed database.
Internal directives addressing law enforcement officers were also exposed in the data breach.
“As an example, these would be orders from the top leadership of how to enforce what laws and what gets priority or additional training that is needed etc… I cannot further confirm or verify the accuracy or authenticity of these documents contained within this database. As such, I cannot guarantee that the contents of the documents are accurate or reliable,” writes cybersecurity researcher Jeremiah Fowler, who authored the report.
Fowler reported that these government documents were stored in an unsecured, non-password-protected database “readily accessible to individuals with an internet connection” and vulnerable to cyberattacks or ransomware. Fowler noted that law enforcement officers are at risk when their personal documents are exposed, but no such attacks have occurred.
“Any data breach that exposes personal information belonging to police and members of law enforcement or other officials can be dangerous. Individuals whose data is exposed could be potential victims of identity theft, phishing attacks, and a range of other malicious activities,” stressed Fowler.
“The availability of government records in an unsecured database raises concerns about potential national security issues. The exposed records could also potentially allow criminals to target members of law enforcement for blackmail or other schemes,” he added.
This database was left exposed for a minimum of six weeks, according to the report. However, Fowler recommended that a full forensic audit be conducted to “fully understand the extent and impact of the breach.”
PNP Public Information Office Chief Rederico Maranan relayed to INQUIRER.net a message from Anti-Cybercrime Group Director Police Brig. Gen. Sidney Hernia, stating that the cybercrime unit is still conducting vulnerability assessment and penetration testing.
“We cannot categorically say at this time that there was leaked applicants’ data… We also requested complete access logs from the PNP Recruitment and Selection Service (PRSS) to evaluate those logs,” he stated