News

PhilSys, civil registry not affected by data breach – PSA

by Carl Santos

PUBLISHED ON October 12, 2023

THE Philippine Statistics Authority (PSA) is investigating a data breach even as it assures the public that key records are safe.

In a statement on Wednesday, the PSA said it immediately launched an investigation after claims about an alleged data leak involving a system managed by the agency circulated on social media.

The agency also coordinated with the Compliance and Monitoring Division of the National Privacy Commission (NPC), the National Computer Emergency Response Team-Philippines (NCERT-PH) of the Department of Information and Communications Technology (DICT), and the Anti-Cybercrime Group of the Philippine National Police (PNP) regarding the matter.

”From the initial assessment, the system allegedly affected is limited to the Community-Based Monitoring System (CBMS). The PSA is assessing what personal data from the CBMS may have been compromised and will share information with the relevant authorities and the public in due course. The agency is taking additional preventive and containment measures to ensure the security and integrity of all systems and databases that it manages, including shutting down and isolating the systems known to have been affected,” the PSA said.

”The PSA assures the public that the Philippine Identification System (PhilSys) and the Civil Registration System (CRS) have not been affected.”

It also said that it would be working with all law enforcement agencies to apprehend the perpetrators.

This new case of data breach comes after the ransomware attack that hit the Philippine Health Insurance Corporation (PhilHealth) on September 22.

Days after the deadline for making a ransom payment of almost $300,000, or roughly P17 million, expired, the hackers released the stolen data, affecting millions of people.

“Using the stolen data, the hackers will likely target members through calls, emails, or text messages. Let us then heed the advice of authorities to refrain from clicking doubtful links or providing passwords or OTPs. It is best to ignore suspicious calls and to delete text or emails instead from unknown and suspicious senders,” PhilHealth president Emmanuel Ledesma Jr., said.