Senate probe on recent PNP data breach sought


Sen. Imee Marcos has filed a resolution seeking to investigate the reported data breach of the Philippine National Police’s (PNP) Firearms and Explosives Office (FEO).

In filing Senate Resolution 1029, Marcos expressed concern about its impact on national security, cybersecurity, and the potential misuse of hacked information involving over 1.5 terabytes of personal data.

“Over half a million Filipinos are now threatened by data thieves. Yet again our data privacy has been violated, this time escaping even the police! Again, simply filling out a government form has resulted in a data breach. Even more sinister, who hacked our firearms and explosives files?” the senator asked.

“It is unforgivable for government to repeatedly fail in securing the public’s personal data. Ang seguridad ng bawat Pilipino ay hindi lamang kaugnay ng mga bantang pisikal, ngunit lahat na ng aspeto ng pamumuhay, lalong lalo na sa mga personal na impormasyong dapat ay pinangangalagaan,” she added.

The reported breach has allegedly exposed detailed personal information of numerous individuals, including names, addresses, dates and places of birth, occupation, educational background, medical records, religion, and family information.

“Financial transaction records such as names, transaction numbers, dates, payslips, firearm registration statuses, and emails were also leaked. Further, there were 1,562,463 entries in the transactions table on the leaked database, affecting approximately 589,615 individuals,” Marcos’ resolution stated.

On May 13, 2024, the PNP said it was looking into a possible breach in its logistics, data, information, and management system. News reports later stated the PNP FEO was the latest victim of a major data breach following the incident on their Logistics Data System.

The alleged hacker, known only as “ph1ns,” claimed the breach was facilitated by vulnerabilities in the PNP FEO’s online systems. The hacker exploited a lack of input sanitization and debug mode information to gain access to various servers, retrieving environment variables and database information.

“The recent breach follows a series of cyberattacks on various Philippine government websites, highlighting the urgent need for improved cybersecurity infrastructure and immediate intervention by the Department of Information and Communications Technology (DICT),” Marcos stressed.

“Hindi maaaring walang gawin ang DICT, at lalong hindi katanggap-tanggap na maulit pa ito sa iba pang ahensya ng pamahalaan (It's not right that the DICT will not do anything, and it's also unacceptable if this happens with another government agency),” she added.

Recent reported hacking incidents of various government offices include the Department of Science and Technology (DOST), Bureau of Customs (BOC), National Bureau of Investigation (NBI), Philippine Statistics Authority (PSA), Philippine Health Insurance Corporation (PhilHealth), and the House of Representatives.