The Supreme Court (SC) declared that as of late Wednesday afternoon, Aug. 28, it “found no evidence of a breach or indication that sensitive data was compromised.”
But the SC warned that “releasing sensitive and private data without proper authorization are criminal acts.”
The probe was conducted when a social media post went viral that the reported data breach exposed sensitive legal information on over 13,000 records – including names, case details, and payment information from the Judicial Electronic Payment System (JEPS).
In a statement issued by its Spokesperson Camille Sue Mae L. Ting, a lawyer, the SC said it “will continue to investigate further, employing the right amount of redundancy by approaching the investigation from many angles.”
The SC also said:
“As a precautionary measure, and although regularly done, we will do another round of Vulnerability and Penetration Testing assessment (VAPT) and have asked our providers and partners to do the same. We are also going to conduct another external review of our cybersecurity systems.
“We assure the public that in its current efforts to digitalize court processes, the Court has always given to priority cybersecurity and taken the necessary precautions in terms of training, access, and the use of the needed apps and hardware. We have layers of in-house and external cybersecurity.
“We are aware that hacking data from institutions such as the Judiciary is tempting. We remind the public that our systems are professional, state-of-the-art, robust, and capable of identifying and tracing the sources of any form of attack. We also remind the public that any attempt to gain unauthorized access or compromise our systems, as well as releasing sensitive and private data, without proper authorization, are criminal acts.
“Finally, part of the Strategic Plan for Judicial Innovation (SPJI) 2022-2027 is the eCourt PH version 2.0, which includes making public all pleadings, motions, and orders not confidential or covered by any privilege in due time.
“This is the Court’s contribution to transparency and commitment to the constitutional mandate of conducting public trials without compromising the constitutional rights of any party. We ask for patience from the public as we set up our systems in the right way.”
Earlier, Ting assured that “all processes of the Court, including the Bar exams, are secure.”
Ting said “the SC has invested in cybersecurity for its data and will continue to do so as we digitalize our processes.”
The reported data breach in the SC’s processes happened last Tuesday, Aug. 27, the day when Ting said, in a press conference, that the High Court has “a very robust anti-hacking application.”
During the media briefing, Ting said: “So security is very, I say strong. Until now, I’d like to say and very proud that the SC has not been hacked.”
Ting’s statement was a response to a question on how the SC can ensure that the protection of cases and data with the implementation of the mandatory submission of electronic copies of pleadings and other court submissions before the trial courts.
Later, Ting admitted: “There is a first time for everything.”
Later in the afternoon last Aug. 27, Deep Web Konek, a group that monitors Dark Web activities in the Philippines and describes itself as cybersecurity enthusiasts, posted on social media platform X (formerly Twitter) that “a major security exposed sensitive legal data from the Supreme Court. Over 13,000 records including names, case details, and payment info, were leaked.”
Also tagged by Deep Web Konek in its post was the account of the SC’s Public Information Office (SC-PIO). It said that a hacker group known as “Grep” has claimed responsibility for the breach.
Kukublan Philippines, the media arm of Deep Web Konek, said in its post that the breach has exposed 13,564 records.
It said the breach covered a wide range of legal proceedings and applications like “Assessment Numbers: Unique identifiers linked to legal cases and applications; Full Names: Personal details of individuals involved in legal matters; Case Categories and Types: Information related to the nature of the legal cases; Payment Statuses: Details indicating whether fees associated with the cases have been paid.”