Kingpin Posted April 19, 2023 Posted April 19, 2023 I guess they don't like the word 'hack' Quote MANILA, Philippines — A total of 1,279,437 records from law enforcement agencies, including police employee records, were left exposed in a massive data breach, according to a report published by cybersecurity research firm VPNMentor on Tuesday. The breach was of an unprotected database containing 817.54 gigabytes of both applicant and employee records under multiple state agencies, including the Philippine National Police (PNP), National Bureau of Investigation (NBI), Bureau of Internal Revenue (BIR), Special Action Force Operations Management Division, and Civil Service Commission. Exposed records include personal information such as fingerprint scans, birth certificates, tax identification numbers (TIN) and tax filing records, educational transcript records, and passport copies. https://cebudailynews.inquirer.net/499546/over-1-million-records-from-nbi-pnp-other-agencies-leaked-in-huge-data-breach 1 Link to comment Share on other sites More sharing options...
BrettGC Posted April 19, 2023 Posted April 19, 2023 Interesting language indeed... They state "including" which would lead us to believe that more than the listed agencies are affected. 4 Link to comment Share on other sites More sharing options...
Jollygoodfellow Posted April 19, 2023 Posted April 19, 2023 But then it says, Quote ACG Public Information Officer Capt. Michelle Sabino told INQUIRER.net that the group has yet to validate the research firm’s report. Link to comment Share on other sites More sharing options...
Forum Support Old55 Posted April 19, 2023 Forum Support Posted April 19, 2023 3 minutes ago, Jollygoodfellow said: But then it says, How do you say "Cover Up" in Filipino? 1 Link to comment Share on other sites More sharing options...
JJReyes Posted April 19, 2023 Posted April 19, 2023 The database has been breached. How do you monetize it? If you try to sell it to governments like China and the United States, they will laugh. They probably already have copies. 1 Link to comment Share on other sites More sharing options...
BrettGC Posted April 19, 2023 Posted April 19, 2023 7 hours ago, JJReyes said: The database has been breached. How do you monetize it? If you try to sell it to governments like China and the United States, they will laugh. They probably already have copies. Whoever did the hack will then post an ad on the dark web selling the data to whoever can use it for whatever they like. Recent example was in Australia where some companies where hacked and the hackers held the companies to ransom with threat of the data being released on the dark web. When the time expired, they released the data. Identity theft is the goal of anyone that purchases the information. 1 Link to comment Share on other sites More sharing options...
JJReyes Posted April 20, 2023 Posted April 20, 2023 3 hours ago, BrettGC said: Whoever did the hack will then post an ad on the dark web selling the data to whoever can use it for whatever they like. Recent example was in Australia where some companies where hacked and the hackers held the companies to ransom with threat of the data being released on the dark web. When the time expired, they released the data. Identity theft is the goal of anyone that purchases the information. I can understand hacking corporate databases and having them pay ransom. This hack is Philippine government data. It would be difficult getting paid. Identity theft is a different matter. Hopefully they catch the thieves. 1 Link to comment Share on other sites More sharing options...
hk blues Posted April 20, 2023 Posted April 20, 2023 2 hours ago, JJReyes said: I can understand hacking corporate databases and having them pay ransom. This hack is Philippine government data. It would be difficult getting paid. Identity theft is a different matter. Hopefully they catch the thieves. The article clearly states what types of information was breached - it's personal information that quite clearly can be useful in identity theft. 1 Link to comment Share on other sites More sharing options...
BrettGC Posted April 20, 2023 Posted April 20, 2023 (edited) 6 hours ago, JJReyes said: I can understand hacking corporate databases and having them pay ransom. This hack is Philippine government data. It would be difficult getting paid. Identity theft is a different matter. Hopefully they catch the thieves. So you don't believe there's personal information on any of the databases that were compromised? BIR for a start, and given the wording there's more that aren't listed in the original article. Any data relating to any individual is exploitable and contributes to a bigger picture. The organisations that perform these attacks, whether criminal or state sponsored, sit there 24/7 compiling data, cross-referencing and matching individuals to build that bigger picture. They're even watching social media in case someone makes a slip. It's a an organised industry all by itself. This is not conjecture on my part; take it from someone that lived this daily, exploiting foreign intelligence targets' so-called "secure" information, targeting at both the individual and organisational levels while some of my colleagues were countering the same. I left that environment in 2007 and both government and criminal organisations had some very powerful tools to achieve their ends even then; I can only imagine how much they've progressed in the intervening 15+ years. You have to remember that for every government employee trying to counter these threats, there's someone else that's paid a lot more to breach their defences. Edited April 20, 2023 by BrettGC 3 Link to comment Share on other sites More sharing options...
JJReyes Posted April 20, 2023 Posted April 20, 2023 A follow-up article indicates that the hack has not been confirmed. Part of the protocol is to have a trusted neutral party verify how the information was obtained. Perhaps we need to wait to see what happens next. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now