“If they can’t adhere to the most basic operational and security hygiene, how can they be trusted with handling the data of millions of Filipinos?”
BY REIN TARINAY
MANILA — A group of computer professionals said that the recent online breach of Office of Solicitor General (OSG) data and the National ID (PhilSys) Registration issues show how long the Philippine government has to go in terms of having a reliable and secure ICT infrastructure in place.
“The OSG leak, in particular, is a massive breach of public trust with immense and even life-threatening ramifications. As TurgenSec, who discovered the leaks highlighted, the contents of the court documents can be used to alter the course of pending court cases,” the Computer Professionals Union (CPU) said in a statement.
UK security company Turgensec revealed that over 300,000 files and documents from the Office odf the Solicitor General (OSG) became publicly accessible on the internet.
TurgenSec believes that the data might have ended up online because of a misconfigured server or when an administrator accidentally set a group of documents to “public” instead of “private.”
Turgensec expressed that the breach contained hundreds of thousands of files ranging from documents generated in the day to day running of ‘The Solicitor General of the Philippines’, to staff training documents, internal passwords and policies, staffing payment information, information on financial processes, and activities including audits, and several hundred files titled with presumably sensitive keywords such as “Private, Confidential, Witness and Password”.
“The nature of these documents is of particular concern as it may have the potential to disrupt/undermine on-going judicial proceedings,” said Turgensec in a statement.
The OSG is handling legal cases filed before the Department of Justice, Court of Appeals and Supreme Court against government officials.
The firm also highlighted that the data breach is particularly alarming as it is clear that this data is of governmental sensitivity and could impact on-going prosecutions and national security.
This happened amid government’s assurance of securing data privacy in its push for PH’s national ID.
“If they can’t adhere to the most basic operational and security hygiene, how can they be trusted with handling the data of millions of Filipinos?” CPU said.
Not the first time
This is not the first time that the IT systems of government agencies were compromised.
In 2016, the biggest data breach in Philippine history took place when data from the Commission on Elections website were leaked. About 55 million registered voters were put at risk.
More recently, the National ID (PhilSys) registration portal went down due to the surge of applicants.
CPU called on the people to continue to demand that the government make setting up secure, reliable, pro-people ICT systems a priority, especially at a time where more and more transactions happen online.
“Let us also continue holding the government accountable for neglecting its duty of protecting our personal data,” CPU said.