DICT ‘doubles down’ on data leak probe of government agencies


THE Department of Information and Communications Technology (DICT) said on Thursday it has “doubled down on its investigation” of the alleged personal data leak involving several agencies, including the Philippine National Police.

“The DICT considers the incident as a grave concern that threatened the confidentiality, integrity, and privacy of user data. The Department assures the public that investigation on the matter is underway,” the DICT said in a statement on Thursday.

This, as the National Bureau of Investigation (NBI), Civil Service Commission (CSC), and the Bureau of Internal Revenue (BIR) have confirmed—after conducting a series of investigations and vulnerability tests—that there were no breaches on their part, the National Privacy Commission (NPC) said.

The DICT, meanwhile, told government agencies to build up their cybersecurity capacities, especially with the alleged data breach issue.

“The Department would also like to remind all government agencies to increase its cybersecurity measures and to coordinate with the DICT for further capacity building in this area. Cybersecurity should be a concerted effort of everyone and all agencies are encouraged to seek assistance to help secure their respective cyber assets,” the DICT said.

The NPC said it was to meet with the PNP, NBI, and other concerned agencies on Thursday to investigate the alleged leak of documents containing personal data involving law enforcement.

The NPC said it decided to investigate the alleged leak of documents after an online report claimed the documents include personal information such as names, addresses, contact details, and even medical records of police officers, prosecutors and judges.

“The NPC considers this matter of utmost importance and has taken immediate action to ensure that those responsible for the alleged breach will be held accountable,” NPC said in a statement on Thursday.

In line with this, Privacy Commissioner John Henry Naga reminded those who process personal data of their duty to protect the data they collect.

“As your data privacy authority, the NPC is fully committed to protecting personal information and assures the public that we will not leave a stone unturned in getting to the bottom of this alleged breach,” Naga said in a statement on Thursday.

“We would also like to have this opportunity to remind those who process personal data that they concomitantly have the duty to protect the data they collect. Do not collect if you can’t protect,” the NPC chief stressed.

Following the alleged records leak and breach, the NPC said it immediately called the PNP, requiring them to provide additional information and explanation regarding the incident.

With this, the privacy body said it will continue to work closely with the PNP, NBI, and other concerned agencies to ensure that “appropriate” actions are taken to prevent similar incidents from happening in the future.

The report, published by a cybersecurity research firm, noted that these documents relate to individuals who “either applied for law enforcement roles or had been employed to work in law enforcement roles in the Republic of the Philippines and ancillary documents relating to the affairs and administration of law enforcement agencies in the Philippines.”

“These Applicant Records and Employee Records contained highly sensitive personally identifiable information (PII). I saw scans of official documentation such as passports, birth and marriage certificates, drivers’ licenses, academic transcripts, security clearance documents, and many more,” the online report stressed.