Senator Imee Marcos seeks a legislative inquiry on the reported data breach involving the information systems of the Philippine National Police’s (PNP) Firearms and Explosives Office (FEO).
Marcos expressed serious concerns over the data breach’s implications on national security, cybersecurity, and the potential misuse of over 1.5 terabytes of compromised personal data.
The senator underscored the alarming nature of the breach, noting that even a police department has become a victim of website hacking.
Marcos said it was unforgivable for the government to repeatedly fail in protecting the public’s personal data. “The security of every Filipino does not only concern physical threat, but also all aspects of his life,” she said.
The breach reportedly exposed detailed personal information of countless individuals, including names, addresses, birth details, occupations, educational backgrounds, medical records, religious affiliations, and family information.
Financial data such as transaction records, payslips, firearm registration statuses, and emails were also leaked. The database reportedly contained 1,562,463 transaction entries, affecting approximately 589,615 individuals.
On May 13, 2024, the PNP said it was looking into a possible breach in its logistics, data, information, and management system. News reports later stated that the PNP-FEO was the latest victim of a major data breach following the incident on their Logistics Data System.
The alleged hacker, known as “ph1ns,” exploited vulnerabilities in the PNP FEO’s online systems, utilizing inadequate input sanitization and debug mode information to access various servers and retrieve environment variables and database information.
“The recent breach follows a series of cyberattacks on various Philippine government websites, highlighting the urgent need for improved cybersecurity infrastructure and immediate intervention by the Department of Information and Communications Technology (DICT),” Marcos stressed.
The incident was part of a broader trend of cyberattacks on Philippine government websites, including those of the Department of Science and Technology (DOST), the Bureau of Customs (BOC), the National Bureau of Investigation (NBI), the Philippine Statistics Authority (PSA), the Philippine Health Insurance Corporation (PhilHealth), and the House of Representatives.
According to the Kaspersky Security Network (KSN), the Philippines was No. 4 in the global ranking of countries most targeted by hackers in 2023 and the top in Southeast Asia.
Latest data of the PNP Anti-Cybercrime Group (ACG) showed that 4,469 cybercrime incidents were logged from January to March 2024, representing a 21.84 percent uptick from the 3,668 incidents in the fourth quarter of 2023.