Three government agencies – National Bureau of Investigation (nbi), Civil Service Commission (CSC) and the Bureau of Internal Revenue (BIR) – said there were no data breaches on their part, but the Philippine National Police (PNP) requested for time to review its systems for possible security compromise.
Privacy Commissioner John Henry Naga issued the statement after meeting with concerned government agencies on the alleged leak of personal data among law enforcement agencies.
According to Naga, representatives from NBI, CSC, and BIR said that after conducting their respective investigations and vulnerability tests have confirmed there were no breaches on their part. These agencies have released their respective statements to the public.
However, the PNP requested for time to validate and review its systems for possible security compromise considering that the Police was highlighted in the report alleging the data leak.
To further investigate this matter, Naga issued an order to conduct an onsite investigation on the concerned data processing system of PNP on April 23, 2023 headed by the Complaints and Investigation Division of this Commission.
Likewise, the NPC also ordered Jeremiah Fowler, the cybersecurity researcher who published an article regarding this matter, to appear before this Commission on Friday, April 21, to aid the Commission in its investigation.
“The recent allegations of a data breach involving law enforcement agencies in the country should serve as a reminder that no organization, not even the government, is immune to the threat of cyberattacks. And that we should remain in constant vigilance in protecting personal data,” said Naga.
He further called on all government agencies and private sectors processing personal data to review the implementation of their data privacy and security measures. “It is not enough to simply comply with existing regulations and standards; we must also proactively identify and address potential vulnerabilities. Even as our probe is underway, the NPC strongly demands of these government agencies, such as the PNP, to strictly comply with the Data Privacy,” he said.
Following the reported alleged breach, NPC gathered the agencies today, April 20, to address the alleged leak of personal data involving law enforcement agencies.
Michael R. Santos, NPC chief on complaints and investigation division, said that after the meeting, NPC was of the impression that not all the four agencies have data breach issues.
Just the same, he said, they will conduct an onsite investigation on the agencies concerns.
Under the law, Santos said, agencies and officials found to be negligent in their duties in handling sensitive personal information have higher penalty.
He stressed that government agencies have to be more careful because people have no choice but to submit their personal to these agencies. The NPC expects government agencies to be at par with the private sector in securing and protecting the personal individual data submitted to
their offices.