The Philippines registered a 73 percent increase in personal data leaks from July to September, as scammers continue to exploit the country’s vulnerable cybersecurity systems, according to Viettel Cyber Security.

Based on the firm’s report on the country’s cyber threat landscape, Viettel said 4.32 million Filipinos had their credentials compromised in the third quarter.

This breach covers the leak of an individual’s personal information, such as passwords, financial details, and health records.

The personal data leaks in the third quarter were a massive jump from 2.54 million incidents in the second quarter. In the first quarter, the Philippines only recorded 1.25 million cases.

Leaked private information is typically reused by criminals for fake job listings, e-commerce scams, and fraudulent loan applications.

Viettel noted that Filipinos who reuse passwords across accounts are most vulnerable. It noted that small businesses are also susceptible to phishing invoices disguised as messages from legitimate suppliers.

Globally, just over 500 million records of personal information were exposed in the third quarter, based on the previous quarter’s 453.55 million.

Viettel stated that the primary driver of this upward trend is the prevalence of cybercriminal groups specializing in information-stealing malware, particularly through the “stealer-as-a-service" model.

Through the model, fraudsters can steal data without advanced technical skills.

In the third quarter, Viettel reported that the Philippines experienced five ransomware attacks from July to September. The double extortion model was widely used to encrypt data and steal information from enterprises, exerting pressure on victims to pay ransom.

The country also recorded 76 incidents of data breaches, which exposed 52 million records and resulted in data losses totaling 837 gigabytes (GB).

The report noted that the healthcare sector was the top target for cybercriminals in the third quarter, as criminals exploit the rising adoption of digital health services among Filipinos.

Hospitals and clinics, with their limited cybersecurity capabilities, have become prime targets for ransomware attacks. Apart from compromising sensitive medical information, such attacks disrupt their critical operations.

Another sector at risk is finance and e-commerce, which is exploited through phishing, credential theft, and data exfiltration.

Meanwhile, manufacturing, energy, and public services are likewise exposed to ransomware, supply-chain compromises, and advanced persistent threats (APTs).

Viettel has stressed the need for a more robust cybersecurity system in the country, as it expects the continued rise in cyberattacks in the fourth quarter.

Based on the report, artificial intelligence (AI) and deepfakes will spur a new wave of cybercrime, particularly in phishing and malware.

“Phishing campaigns will become highly personalized and fully automated using Al, making them harder to detect through traditional defenses,” said Viettel.

“As Al lowers the cost of creating and deploying attacks, the threat of large-scale malware campaigns is set to rise significantly,” it added.

Among its recommendations to enterprises include the implementation of data leak monitoring, 24/7 security operations center, a third-party risk management program, and a roadmap for cybersecurity capability.

“Organizations who innovate without the necessary protection in place become vulnerable to risks. Cybersecurity isn’t just a safeguard—it’s an enabler of sustainable digital growth,” said Viettel Country Manager Thomas Luu.