DOST also hacked: Email addresses leaked


The Department of Science and Technology (DOST) confirmed on Friday that it was among the three government agencies that suffered cybersecurity breaches in August.

The three breaches preceded the Sept. 22 ransomware attack on state-owned Philippine Health Insurance Corp. (PhilHealth), which leaked 734 gigabytes of its members’ personal data, according to the National Privacy Commission. The PhilHealth breach is believed to be the largest leakage of private data in government care since the Commission on Elections’ “Comeleak” incident in 2016.

In DOST’s case, the leakage involved the email addresses of about 1,000 experts and clients who were registered in the agency’s OneExpert portal, which was meant to help the public connect with experts in given fields.

Rowen Gelonga, DOST Region 6 director, said they first learned of the leak on Aug. 31 when the Philippine National Computer Emergency Response Team informed them that an administrator account was compromised and was used to access the OneExpert site.

Cloud dump of data

But while DOST was fixing other vulnerabilities, an anonymous user posted in social media on Oct. 8 a hyperlink to a cloud dump of data from the OneExpert portal, Philippine Statistics Authority (PSA) and Forensics Group of the Philippine National Police (PNP-FG).

All three agencies subsequently tried to downplay the leakages by saying that the breaches were “limited” and no “sensitive” personal data were compromised.

“Based on the investigation, the links posted by the bad actors lead to limited data taken,” said National Statistician Claire Dennis Mapa, who concurrently heads the PSA.

Unlike the PhilHealth attack, however, no “bad actor” made any demand for ransom before the data dump was made, leaving the possibility that they were “white-hat penetration tests” meant to reveal cybersecurity weaknesses.
According to Gelonga, “you don’t have to undermine (or resort) to illegal means to get the names of the experts because the portal has a mechanism for contacting the expert directly.”

Still, he said they regret that the leak even happened at all and that the DOST was already beefing up their security measures.

‘An area of concern’

“We admit that this is an area of concern,” he said. “Our system was developed way back in 2016 and we are now overhauling the system.”

The PNP-FG also claimed that no “sensitive” data were compromised. In a press briefing in Camp Crame on Friday, Police Maj. Michael Ignacio, information technology

Read more at : inquirer
