The Department of Information and Communications Technology (DICT) confirmed on Tuesday, July 2, that one of its units had been targeted in a cyberattack but assured the public that the data breach affected "very few" individuals.
“There were reports earlier that DICT was hacked… this is partially true because one of our units in DICT was indeed hacked,” said DICT Assistant Secretary Renato “Aboy” Paraiso in an online press conference.
“The hackers breached one of our systems, an external unit of DICT,” Paraiso explained, referring to the incident involving DICT’s Disaster Risk Reduction Management Division (DRRMD).
Earlier, cybersecurity watchdog Deep Web Konek reported a major data breach at DICT.
Paraiso confirmed this and explained that the hacker, identified as “ph1ns,” was also responsible for breaching the online systems of other government agencies.
The affected unit, Paraiso explained, was designed for disaster response. Therefore, the influx of information was meant to be “porous” and more responsive to its functions.
“It was designed primarily to function as a response mechanism during disasters,” Paraiso explained in English and Filipino. “Perhaps that’s why it was the system they managed to hack first—it was designed with minimal safeguards and firewalls,” he added.
Paraiso assured that not much data was stored in the system except for information related to the employees assigned to the unit and DICT’s disaster assets.
“The extent of the breach was not that big,” he said.
Paraiso said fewer than 10 individuals were affected by the data breach. “Nonetheless, DICT reported this incident to the NPC [National Privacy Commission],” he added.
Daily challenges with cyberattacks
Following the recent incident, Paraiso assured that DICT remains committed to enhancing its cybersecurity measures.
“Every single day, there are attempts to breach DICT and other government systems,” Paraiso said.
He noted that DICT monitors several attempts daily. “On a given day, there are around a million attempts targeting various government and private corporation systems, including DICT,” he added.
The motive for these attacks, Paraiso said, is to exploit vulnerabilities not only in DICT but also in all other government agencies.
Despite these challenges, Paraiso assured the public that “you have a working DICT.”
“Though we're undermanned and face budgetary constraints, we do what we can,” he added.
To prevent similar incidents in the future, Paraiso said that DICT continues to implement measures to procure systems, among others.