The Philippine Statistics Authority (PSA) is the latest organization to face a data security issue.
Deep Web Konek (DWK), a group dedicated to posting about “dark web” activities, reported that a “threat actor” posted on Facebook on October 9 about an alleged data leak from PSA servers.
DWK also noted that the data allegedly breached amounted to around 42 billion files.
“Today, October 9, 2023, a threat actor named Diablox Phantom #02 showed new evidence supporting the claim of a massive data leak from the Philippine Statistics Authority (PSA) record database,” the group said.
“The Facebook page/user posted evidence again about the amount of data breached outside PSA servers with approximately 42 billion files,” it added.
DWK’s post also included a screenshot of the threat actor’s Facebook post, which showed the supposed 42 billion leaked files in a zipped file.
The group presumed that the uploader did not aim to disclose critical information from the PSA’s records.
“The threat actor’s goal is not to disclose the critical information from the records but to use a sample of the record database to give awareness that the security of the Philippine Statistics Authority (PSA) was at some point compromised in the past and is probably still,” it said.
“A data leak this massive compromises the integrity of the security of information not only in the Philippine Statistics Authority (PSA) but also in any related government agency that contains sensitive data and information about the identities of the Filipino people,” the DWK added.
Data analyst Dominic Ligot, who is also a member of the Philippine Center of Investigative Journalism (PCIJ), later saw DWK’s post. Ligot shared this post on his X account on October 11.
“After Philhealth, a larger leak has been circulating in forums. The PSA dataset of 42B rows contains IDs and PII,” he said.
“For the rest of us: cyber hygiene applies. Be mindful of where your IDs, emails and cellphones were used. Use a separate identity for financials,” he added.
Pictures provided by DWK also accompanied his post. They showed blurred identification cards and a spreadsheet of information.
On the same day, Department of Information and Communications Technology (DICT) Secretary Ivan Uy warned the public that other government agencies have also been breached.
Uy, however, neither confirmed nor denied whether he was referring to the PSA.
PSA’s response
In response to these reports about the alleged data leak in its system, the PSA said that it is still assessing the affected “personal data” from its Community-Based Monitoring System (CBMS).
“From the initial assessment, the system allegedly affected is limited to the Community-Based Monitoring System (CBMS). The PSA is assessing what personal data from the CBMS may have been compromised and will share information with the relevant authorities and the public in due course,” the authority said.
“The agency is taking additional preventive and containment measures to ensure the security and integrity of all systems and databases that it manages, including shutting down and isolating the system known to have been affected,” it added.
The PSA also activated its Data Breach Response Team (DBRT) and coordinated with government agencies, including the DICT and the Anti-Cybercrime Group, about this matter.
It further assured the public that the critical national IDs and the Civil Registration System (CRS) were not affected.
Moreover, the agency cautioned the public against clicking links in social media posts with alleged sample data.
“The PSA warns the public that social media posts with the alleged sample data include links that contain malware that may be used by cybercriminals and bad actors to perpetuate other illicit acts. Therefore, the public is strongly advised not to click on such links,” the PSA said.