Sunday , December 1 2024

Over 1M records from NBI, PNP, other agencies leaked in massive data breach

MANILA, Philippines —A staggering 1,279,437 records belonging to law enforcement agencies, including sensitive police employee information, have been compromised in an unprecedented data breach, as revealed by a report from the leading cybersecurity research company VPNMentor on Tuesday.

The massive data hack, which exposed 817.54 gigabytes of both applicant and employee records under multiple state agencies, including the Philippine National Police (PNP), National Bureau of Investigation (NBI), Bureau of Internal Revenue (BIR), and Special Action Force (SAF), has put the personal information of millions of Filipinos at risk.

Exposed records encompass highly sensitive data such as fingerprint scans, birth certificates, tax identification numbers (TIN), tax filing records, academic transcripts, and even passport copies.

Workshop on “DDoS use cases & solutions for government & BFSI” held at BCS

A workshop on "DDoS use cases & solutions for government & BFSI" held at Bangladesh computer society premises on Saturday...
Read More
Workshop on “DDoS use cases & solutions for government & BFSI” held at BCS

Uganda confirms hack of central bank accounts, Refutes $17 Million Claim

Uganda’s finance ministry confirmed media reports that hackers breached the central bank’s systems and stole money, but refuted the claims...
Read More
Uganda confirms hack of central bank accounts, Refutes $17 Million Claim

CVE-2024-11667
Hackers actively exploiting Zyxel firewall to deploy Ransomware

CERT Germany and Zyxel have alerted about a serious vulnerability in Zyxel firewalls, identified as CVE-2024-11667. This flaw is being...
Read More
CVE-2024-11667  Hackers actively exploiting Zyxel firewall to deploy Ransomware

Daily Security Update Dated: 29.11.2024

Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
Daily Security Update  Dated: 29.11.2024

CIRT-in flags Critical Flaw in Oracle Agile PLM Framework

CERT-In has flagged a security vulnerability in Oracle’s Agile Product Lifecycle Management (PLM) software, identified as CVE-2024-21287 and cataloged as...
Read More
CIRT-in flags Critical Flaw in Oracle Agile PLM Framework

Microsoft patches four vulnerabilities in its services

On November 26th, Microsoft patched four vulnerabilities detected in Dynamics 365 Sales, the Partner.Microsoft.Com portal, Microsoft Copilot Studio and Azure...
Read More
Microsoft patches four vulnerabilities in its services

Data broker exposes 600K+ passwordless sensitive files online

SL Data Services/Propertyrec, an information research provider exposes a non-password-protected database containing more than 600K records according to the security...
Read More
Data broker exposes 600K+ passwordless sensitive files online

Cloudflare logs faces major failure, losing 55% of user data

Cloudflare suffered an incident roughly 3.5 hours On November 14, 2024 impacting the majority of customers using Cloudflare Logs. Cloudflare...
Read More
Cloudflare logs faces major failure, losing 55% of user data

VMware Patched critical flaw in Aria Operations

VMware revealed several critical vulnerabilities in its Aria Operations product, with the most severe allowing attackers to gain root user...
Read More
VMware Patched critical flaw in Aria Operations

HDFC Life hit by data breach, begins investigation

On Monday, Indian HDFC life insurance said, They got some instances of data leaks. "We have received communication from an...
Read More
HDFC Life hit by data breach, begins investigation

 

A total of 1,279,437 records from law enforcement agencies, including police employee records, were left exposed in a massive data breach, according to a report published by cybersecurity research firm VPNMentor on Tuesday.

Sample of a criminologist accreditation, police clearance form, and BIR identification card, all available on the exposed database.

Sample of a criminologist accreditation, police clearance form, and BIR identification card, all available on the exposed database.

Internal directives addressing law enforcement officers were also exposed in the data breach.

“As an example, these would be orders from the top leadership of how to enforce what laws and what gets priority or additional training that is needed etc… I cannot further confirm or verify the accuracy or authenticity of these documents contained within this database. As such, I cannot guarantee that the contents of the documents are accurate or reliable,” writes cybersecurity researcher Jeremiah Fowler, who authored the report.

Fowler reported that these government documents were stored in an unsecured, non-password-protected database “readily accessible to individuals with an internet connection” and vulnerable to cyberattacks or ransomware. Fowler noted that law enforcement officers are at risk when their personal documents are exposed, but no such attacks have occurred.

“Any data breach that exposes personal information belonging to police and members of law enforcement or other officials can be dangerous. Individuals whose data is exposed could be potential victims of identity theft, phishing attacks, and a range of other malicious activities,” stressed Fowler.

“The availability of government records in an unsecured database raises concerns about potential national security issues. The exposed records could also potentially allow criminals to target members of law enforcement for blackmail or other schemes,” he added.

This database was left exposed for a minimum of six weeks, according to the report. However, Fowler recommended that a full forensic audit be conducted to “fully understand the extent and impact of the breach.”

PNP Public Information Office Chief Rederico Maranan relayed to INQUIRER.net a message from Anti-Cybercrime Group Director Police Brig. Gen. Sidney Hernia, stating that the cybercrime unit is still conducting vulnerability assessment and penetration testing.

“We cannot categorically say at this time that there was leaked applicants’ data… We also requested complete access logs from the PNP Recruitment and Selection Service (PRSS) to evaluate those logs,” he stated

 

Check Also

red circle

Data broker exposes 600K+ passwordless sensitive files online

SL Data Services/Propertyrec, an information research provider exposes a non-password-protected database containing more than 600K …

Leave a Reply

Your email address will not be published. Required fields are marked *