^

Metro

DICT: Walang hacking, kundi data leak ang naganap mula sa PNP portal

Mer Layson - Pilipino Star Ngayon

MANILA, Philippines — Wala umanong naganap na hacking sa data breach na kinasasangkutan ng may 1.2 milyong rekord ng mga law enforcement agencies.

Ito ang lumitaw sa isinagawang imbestigasyon ng Department of Communications and Information Technology (DICT) sa naturang isyu.

“It was not a hack. It was a data leak,” pahayag pa ni DICT Secretary Ivan Uy sa isang panayam. “A cybersecurity researcher happened to find a site where there was no security. It was just open to the public.”

Base sa imbestigasyon ng DICT, ang data leak ay nagmula mismo sa online recruitment portal ng Philippine National Police (PNP).

“It’s an employment portal or recruitment portal. The uploaded documents were the ones that were exposed,” ani Uy.

“So, there was no hacking. It was an unsecured site that was just open and anybody could see it,” dagdag pa niya.

Matatandaang iniulat ng Cybersecurity firm na VPNMentor noong nakaraang linggo ang umano’y “massive data breach” sa mga empleyado at citizen records mula sa PNP, National Bureau of Investigation (NBI), Bureau of Internal Revenue (BIR) at Civil Service Commission (CSC).

Anang kumpanya, ang naturang nakumpromisong database ay naglalaman ng highly sensitive personal information gaya ng mga pasaporte, birth at marriage certificates, drivers’ licenses, academic transcripts at security clearance documents.

Nilinaw naman ni Uy na ang data leak ay hindi naganap sa ibang ahensiya kundi sa PNP lamang.

“PNP lang po. Applicants na maging police,” aniya pa.

Dagdag pa ni Uy,  ang site ay hindi pa professionally developed at ang proyekto ay isang “mom-and-pop operation”.

“Because it is a government agency, they just adopted and used it without even consulting the DICT on what are the best practices and international standards in terms of cybersecurity and data protection,” aniya pa.

Ang naturang site ay isinara naman na aniya.

Nabatid na nagkasa na rin ang National Privacy Commission ng imbestigasyon upang matukoy kung may protocols, batas o panuntunan na nalabag.

Matatandaang si Cybersecurity researcher Je­remiah Fowler ang nakatuklas ng existence ng isang non-password protected database sa pamamagitan ng IOT search engine.

Aniya, ang database ay “publicly accessible” sa sinumang may access sa internet.

PNP PORTAL

Philstar
  • Latest
Latest
Latest
abtest
Are you sure you want to log out?
X
Login

Philstar.com is one of the most vibrant, opinionated, discerning communities of readers on cyberspace. With your meaningful insights, help shape the stories that can shape the country. Sign up now!

Get Updated:

Signup for the News Round now

FORGOT PASSWORD?
SIGN IN
or sign in with