Investigation underway in BJMP cybersecurity website breach


IMG_7430.jpeg

The Bureau of Jail Management and Penology (BJMP) said on Sunday, April 7, that it has conducted a massive investigation following the recent cybersecurity breach on the bureau’s website.

Upon discovery of the breach, the BJMP Directorate for Information and Communications Technology Management (DICTM) immediately enforced the necessary schemes to mitigate its impact.

“Among the initial steps taken, the DICTM initiated password changes and conducted an inventory to assess any potential data loss,’’ the BJMP stated.

In a statement, the BJMP noted that subsequent validation revealed that the unauthorized access was facilitated by outdated security patches, for which the Content Management System (CMS) platform no longer provided technical support.

In light of this, the BJMP website is currently under maintenance, alongside expedited plans for migration to a more secure platform.

Despite the incident, the BJMP assured the public that the compromised data does not include sensitive personal information of persons deprived of liberty (PDL) or personnel.

“The recent cyber attack was perpetrated by Philippines Exodus Security (PHEDS), a hacker group known for targeting government websites. The announcement of the breach was made on X (formerly Twitter) yesterday by Deep Web Konek, a group identifying itself as cybersecurity enthusiasts monitoring Dark web activities in the Philippines,’’ the BJMP continued.