Philippines probes national ID database breach claim after false alarm

The Philippines Statistics Authority (PSA) has cleared the air that the country’s national ID database suffered no leaks following a recent alarm which turned out to be false.

This is in response to an alarm raised a by cybersecurity group, Deep Web Konek, that the database of the Philippine Identification System (PhilSys) had been breached, putting the ID data of millions of ID registrants at risk.

In a statement issued April 4, the PSA Undersecretary and National Statistician and Civil Registrar General, Claire Dinnis Mapa, said the report was untrue and called for calm and vigilance.

“The Philippine Statistics Authority (PSA) monitored posts on social media about an alleged data leak in the National ID system. As the central authority on official statistics, and the implementing agency of civil registration and National ID system, the PSA takes such allegations seriously and immediately investigated the claims in the said posts.  Based on the initial assessment, the PSA found no leak in the National ID database,” said Mapa in the statement.

“Further investigation is being conducted in relation to the alleged data leak in the National ID system, and that measures are in place to ensure its security and integrity. The PSA reminds the public to remain vigilant of unverified information circulating online,” he cautioned.

Meanwhile, in a statement reported by Inquirer, Dep Web Konek, said its alarm on the alleged breach was errant, describing it as inaccurate information.

“Upon thorough investigation and reassessment, we have confirmed the inaccuracy and lack of substantiation in the information shared. We deeply regret any confusion or concern our actions may have caused, particularly within the esteemed confines of the PSA and its stakeholders,” Konek said in the apology statement.

While underlining its apologies to the PSA, the firm said its post raising an alarm on the purported leak had been pulled down and that the information published was based on assumptions because it concerned ID cards.

Konek had on April 3 published information about the alleged data leak, saying ID information was put on sale on a forum said to be run by hackers, according to another Inquirer report.

A recent reported case of data leak relating to a national ID system was in Nigeria where data from the National Identity Management Commission (NIMC) was alleged to have been stolen and put on sale. In response, the ID authority and the country’s data protection commission announced a raft of measures to restrict access to the database by third parties.

Article Topics

cybersecurity  |  data privacy  |  digital ID  |  PhilID  |  Philippines  |  Philippines Statistics Authority