The Civil Service Commission (CSC) assured Monday, March 1, the public that it has adopted remedial measures to ensure the integrity of its website and safeguard the personal information of its clients.
The assurance was made following the reported security breach in its server.
"The Civil Service Commission (CSC) has immediately applied measures to ensure the integrity of its website and client data privacy,” it said in a statement, after a hacker which called himself IamNoobie revealed to Manila Bulletin’s Technology News and Business Technology Editor Art Samaniego that the CSC server is vulnerable to multiple vulnerabilities that could allow hackers to take over the server.
The CSC said it has informed the concerned authorities about the matter.
"Also, as a standard procedure, the CSC has reported the incident to the Cybercrime Investigation and Coordinating Center (CICC) and the National
Privacy Commission (NPC). It continues to coordinate with the said government authorities on its following courses of action,” the commission said.
IamNoobie claimed that he exploited the vulnerabilities of the CSC server and was able to get inside the server where he found copies of passports, company IDs, official receipts, and personal user information.
The hacker also disclosed to the Manila Bulletin that other hackers were exploiting the CSC server.
He said many have installed backdoors, a method used by hackers to bypass regular authentication in a computer system to make it easier to access and control anytime.
"The CSC assures its clients that, as a data collecting agency, it takes its role of safeguarding personal information seriously,” read the statement issued by the commission’s Publications and Media Relations Division.
The CSC cited that additional security features have been incorporated within its system to prevent similar incidents in the future.
Further concerns on this matter may be brought to [email protected], it said.
IamNoobie claimed that when he saw other groups downloading data, he then decided to disconnect them one by one and started to secure the server of the CSC.
He said another group of hackers already posted a complete list of more than 52,000 users.
With this, the multiple vulnerabilities were confirmed as a data breach, the Manila Bulletin reported.