The Philippine Statistic Authority (PSA) has assured the public that the information collected for national ID and civil registry were not affected by the data breach involving one of its systems.
In a statement on Wednesday, Oct. 11, the agency said that they immediately investigated the matter through their Data Breach Response Team (DBRT) after receiving a data breach report last Saturday, Oct. 7.
They went on to submit a breach report and coordinated with the National Privacy Commission (NPC), as well as the National Computer Emergency Response Team-Philippines (NCERT-PH) of the Department of Information and Communications Technology (DICT), and the Anti-Cybercrime Group of the Philippine National Police (PNP).
As per the agency’s initial assessment, the alleged data breach was limited to the Community-Based Monitoring System (CBMS). They are yet to identify what personal data was compromised.
“From the initial assessment, the system allegedly affected is limited to the Community-Based Monitoring System (CBMS). The PSA is assessing what personal data from the CBMS may have been compromised and will share information with the relevant authorities and the public in due course,” PSA wrote.
According to the agency's website, CBMS is an “organized technology-based system of collecting, processing, and validating necessary disaggregated data,” that may be utilized for planning, program implementation, and impact monitoring at the local level.
The statement comes after DICT Secretary Ivan John Uy revealed that another agency was affected by a data breach, following the massive data leak in PhilHealth.
“Malaki rin ito. Malaki ang pinsala dahil ang breach ay significant. We are currently waiting for them, for that agency to respond to all our requests," he said during the agency’s event in Taguig on Oct. 11.
PSA said that they are currently “taking additional preventive and containment measures” to safeguard the security of all systems, including shutting down and isolating those affected by the breach.
They also assured the public that the Philippine Identification System (PhilSys)—the program that currently runs the national ID registrations—and the Civil Registration System (CRS) which records all the birth, marriage, and death certificates were not compromised.
“The PSA warns the public that social media posts with the alleged sample data include links that contain malware that may be used by cybercriminals and bad actors to perpetuate other illicit acts,” PSA wrote, advising the public to refrain from clicking on dubious links online.