REVILLA ALARMED OVER ALLEGED DATA BREACH INVOLVING PNP, OTHER GOVERNMENT AGENCIES

SENATOR Ramon Bong Revilla, Jr. on Thursday (20 April) expressed his alarm as he filed Proposed Senate Resolution No. 573 directing the appropriate Senate committees to conduct an inquiry into the alleged massive data breach in the databases of the Philippine National Police (PNP) and other government agencies recently.

According to a report of VPNMentor, a leading cybersecurity research company, records of a staggering 1,279,437 persons in the repository of law enforcement agencies, including sensitive police employee information, have been compromised in an unprecedented data breach. The voluminous data hack has exposed 817.54 gigabytes of both applicant and employee records under multiple state agencies, including the PNP, National Bureau of Investigation (NBI), Bureau of Internal Revenue (BIR), and Special Action Force (SAF).

“Sobrang nakakabahala ang ulat na ito. Napaka-sensitive ng mga data na involved - mga fingerprint scans, tax identification numbers, birth certificates at ultimo mga kopya ng passport. Kung mapunta ito sa kamay ng mga masasamang tao, napakadali na sa kanila na gamitin ito sa panloloko at pag-access ng iba pang records katulad ng sa mga bangko,” Revilla said in dismay.

VPNMentor also bared that the alleged breached documents were stored in a database that was unsecured and non-password protected, making it highly vulnerable to cyberattacks and ransomware.

"Hindi dapat ganyan ang pangagalaga ng mga sensitibong impormasyon," the lawmaker bared. "Repositories must be extra diligent in protecting these information," he explained.

Revilla said that data privacy and protection is a matter of national security and interest  and it is imperative that Congress immediately exercise its oversight powers to ensure that existing laws on data privacy are religiously being followed.

“We have existing laws, especially Republic Act No. 10173 or the Data Privacy Act of 2012. Dapat nasusunod ito. May batas tayo eh,” Revilla lamented.

Section 2 of RA 10173 provides that, “The State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected.”

Section 22 of the same law provides that “All sensitive personal information maintained by the government, its agencies and instrumentalities shall be secured, as far as practicable, with the use of the most appropriate standard recognized by the information and communications technology industry, and as recommended by the Commission.”

Similar data breaches on government databases occurred in the past. In November 2021, the Department of Foreign Affairs reported a data leak in their online passport tracking system. Just last year, the Commission on Elections revealed that around "60 gigabytes worth of sensitive voter information" and other data have been hacked. Before this, a group of hackers also downloaded the personal data records of some 54 million registered voters.

“Apektado talaga ang national security ng ating bansa dito. In this age of digitalization and e-governance, mas lalo pa dapat natin paigtingin na ligtas ang mga impormasyon na hawak ng ating gobyerno para hindi makompromiso ang taumbayan. I therefore call on my colleagues in the Senate to swiftly take action on this matter para hindi na muling mangyari ito,” the veteran lawmaker ended.

-30-

REVILLA NAALARMA HINGGIL SA UMANO’Y DATA BREACH SA PNP AT IBA PANG AHENSIYA NG PAMAHALAAN

NAALARMA si Sen. Ramon Bong Revilla Jr. na agad nagsumite ng Proposed Resolution No. 573 na nag-aatas sa Senado na magsagawa ng legislative inquiry ang kaukulang komite hinggil sa matinding pagkakalantad ng database ng Philippine National Police (PNP) at iba pang ahensiya ng pamahalaan.

Ayon sa ulat ng VPNMentor, nangungunang cybersecurity research company, nakakabigla na umabot sa 1,279,437 records mula sa iba’t-ibang law enforcement agencies, kabilang na ang mga sensitibong police employee information ang nakumpurmiso dahil sa naganap na data breach.

Ang napakalaking data hack ay naglantad sa 817.54 gigabytes ng mga record ng aplikante at empleyado ng iba’t-ibang ahensiya tulad ng PNP, National Bureau of Investigation (NBI), Bureau of Internal Revenue (BIR), at Special Action Force (SAF).

“Sobrang nakakabahala ang ulat na ito. Napaka-sensitive ng mga data na involved - mga fingerprint scans, tax identification numbers, birth certificates at ultimo mga kopya ng passport. Kung mapunta ito sa kamay ng mga masasamang tao, napakadali na sa kanila na gamitin ito sa panloloko at pag-access ng iba pang records katulad ng sa mga bangko,” nanlulumong pahayag ni Revilla.

Ibinunyag din VPNMentor na ang paghihimasok sa mga dokumento ay makaimbak sa isang database na hindi protektado at wala man lamang protektadong password na masyadong lantad sa cyberattacks o ransomware.

"Hindi dapat ganyan ang pangagalaga ng mga sensitibong impormasyon," the lawmaker bared. "Repositories must be extra diligent in protecting these information," paliwanag ni Revilla.

Sinabi ni Revilla na ang data privacy at ang proteksiyon nito ay isang national security at interest na kailangang tugunan ng Kongreso upang maipatupad ang umiiral na batas hinggil sa data privacy na dapat ay istriktong masunod.

“We have existing laws, especially Republic Act No. 10173 or the Data Privacy Act of 2012. Dapat nasusunod ito. May batas tayo eh, ani pa ni Revilla.

Nakasaad sa Section 2 of RA 10173 na ang Estado ay kinikilala ang mahalagang papel ng information and communications technology sa pagbuo ng bansa at ang minanang obligasyon na masigurong ang personal na impormasyon sa information and communications systems sa pamahalaan at pribadong sektor ay ligtas at protektado.

Sa Section 22 ng nasabi ring batas ay nakasaad na ang lahat ng sensitibong personal na impormasyon ay inaalagaan ng pamahalaan, bawat ahensiya at mga kaakibat nito ay dapat na ligtas gamit ang kaukulang panuntunan na kinikilala ng information and communications technology industry, na rekomendado ng Komisyon.

Matatandaan na noong Nobyembre 2021, ang Department of Foreign Affairs (DFA) ay dumanas din data leak sa kanilang online passport tracking system na labis na ikinataranta ng naturang ahensiya.

Noong nakaraang taon, ang Commission on Elections (Comelec) ay umabot din ng "60 gigabytes ng mga sensitibong impormasyon ng mga botante ang nabiktima ng hacking at bago pa ito ay nakapag-download din ang grupo ng mga hacker ng personal data records ng may 54 milyong registered voters.

“Apektado talaga ang national security ng ating bansa dito. In this age of digitalization and e-governance, mas lalo pa dapat natin paigtingin na ligtas ang mga impormasyon na hawak ng ating gobyerno para hindi makompromiso ang taumbayan. I therefore call on my colleagues in the Senate to swiftly take action on this matter para hindi na ito muling mangyari” pagwawakas pa ni Revilla.

-30-