The Philippine Statistics Authority (PSA) confirms that data in the Philippine Identification System (PhilSys), Civil Registry System, and over 100 other surveys and censuses are safe and unaffected.
Personal details such as national identification cards, birth certificates, and surveys on family income remain untouched.
The data breach was linked to the Community-Based Monitoring System (CBMS) Management Information System.
The PSA's Data Breach Response Team immediately shut down servers and networks connected to the CBMS to isolate the infiltration. Data was not removed from the system, and backup copies exist.
Intensified security protocols were established to prevent further attacks on all systems managed by the PSA.
Leads for identifying the perpetrators have been provided to the Philippine National Police and the National Bureau of Investigation.
The PSA is committed to collaborating with partners to ensure justice is served.
PSA confirms data breach spares PhilSys, civil registry
At a glance
The Philippine Statistics Authority (PSA) has confirmed that data in the Philippine Identification System (PhilSys), the Civil Registry System, and more than 100 other surveys and censuses are safe and unaffected.
In a statement, the PSA said on Friday, Oct. 13, that personal details such as national identification cards, birth certificates, and surveys on family income remain untouched.
"Based on the investigation, the links posted by the bad actors lead to limited data taken from the CBMS [Community-Based Monitoring System] Management Information System," PSA Said.
CBMS is the technology-based data collection from households used for poverty-alleviation programs.
Following the discovery of data breach, the agency said that its Data Breach Response Team immediately shut down servers and networks connected with the CBMS to isolate the infiltration.
It also ensured that the data was not removed from the system and that it has backup copies.
"Intensified security protocols were then established to deter any further attacks on all other systems PSA manages," it added.
Leads for the identification of the actors have been provided to the Philippine National Police and the National Bureau of Investigation further action, the statistics agency said.
"The PSA will also work with partners to ensure the perpetrators of this incident are brought to justice," it further said.
The causes and scale of the incident are currently being jointly looked into by the Department of Information and Communications Technology, National Computer Emergency Response Team-Philippines, PNP Anti-Cybercrime Group, NBI Cybercrime Division, and the National Privacy Commission Compliance and Monitoring Division.
The data breach on PSA's system occurred following the ransomware attack on Philippine Health Insurance Corp. or PhilHealth.