Despite at least 1,000 cyberattack attempts logged daily, the government’s eGov app has not been successfully hacked, the Department of Information and Communications Technology (DICT) said on Tuesday, March 24.

“‘Yung attempts, marami iyon. Wala pa kaming alam na naging successful breach sa eGov app because of the inherent security measures that’s been imbedded in the app (There are many attempts. We are not aware of any successful breach of the eGov app because of the inherent security measures embedded in the app),” DICT Secretary Henry Aguda said during a press briefing in Mandaluyong City after the ceremonial signing of the IRR of Republic Act No. 12254, or the E-Governance Act.

According to DICT Undersecretary for E-Government David Almirol Jr., the platform faces thousands of cyberattack attempts each day, highlighting the scale and persistence of threats targeting the system.

“Sa ating logs, may mga time na libo sa isang araw. More than one thousand a day. Mayroon pa kaming experience na umabot pa kami ng around 5,000 to 6,000 a day especially ‘yung attempts to DDoS (Distributed Denial-of-Service) ‘yung endpoints namin (In our logs, there are times when attacks reach thousands in a day—more than one thousand daily. We even experienced around 5,000 to 6,000 attempts in a day, especially attempts to DDoS our endpoints),” he said.

“Hindi nila kaya ma-hack so ang ginagawa na lang nila gusto nilang i-DDoS para bumagal ‘yung app. Tina-tyambahan po nila ang IP address namin (They cannot hack it, so what they do instead is try to DDoS it to slow down the app. They randomly target our IP addresses),” he added.

To counter these, the DICT said it has deployed anti-DDoS systems to prevent service disruption.

Almirol stressed that safeguarding the platform’s credibility and public trust remains the top priority, as the app continues to expand its user base to around 40 million downloads.

“Alam niyo po, iyan po ang unang-unang prayoridad ng eGov. Syempre isang platform lang po namin ang ma-hack eh ang buong kredibilidad po ay guguho po iyan (You know, that is the very first priority of eGov. Of course, if even one of our platforms gets hacked, our entire credibility will collapse),” he said.

“At ‘yung trust po iyan po ang pinaka-importante. Sabi nga ngayon, trust is the new oil. Tiwala po ng bayan ay importante (Trust is the most important thing. As they say now, trust is the new oil. The trust of the people is important).”

Per the DICT, the eGov app is equipped with multiple layers of security, including full data encryption to protect user information even in the event of a breach.

“Kaya habang ginagawa po ang e-gov marami po kaming layers of security na nilagay at nag-full encrypt kami. Ibig sabihin, ‘yung data natin hindi kayang basahin (That’s why as we built eGov, we put in many layers of security and implemented full encryption. This means our data cannot be read),” he said.

“So aside sa layers of security, just in case ma-hack, hindi kayang basahin iyan ng hacker kasi nga encrypted ang data natin. So there is no way na makikita ‘yung pangalan mo, ‘yung mobile number mo, ‘yung email mo, address mo—kasi nga naka-full encrypt po siya ( So aside from the layers of security, even if it gets hacked, hackers still won’t be able to read the data because it is encrypted. There is no way they can see your name, mobile number, email, or address because it is fully encrypted),” he added.

As such, Almirol said the DICT is integrating emerging technologies such as blockchain and artificial intelligence (AI) to further strengthen the system.

“So aside from that, ang mga initiative ni secretary, na ini-implement din namin ‘yung mga blockchain technology pati ‘yung AI technology natin (Aside from that, among the secretary’s initiatives, we are also implementing blockchain technology and our AI technology),” he said.

He noted that cybersecurity efforts are continuously evolving to keep pace with persistent threats.

“Itong pong layers of security na ito, tuloy-tuloy po ito. Hindi kami tumitigil kasi ang hackers hindi po tumitigil iyan. So dapat po ang eGov hindi rin dapat tumitigil (These layers of security are continuous. We do not stop because hackers do not stop. So eGov should not stop either),” said Almirol.

The DICT also highlighted the need to standardize security protocols across government agencies integrating into the platform.

Almirol recalled a 2024 incident initially thought to be a breach of the eGov platform, but which was later determined to have involved only one of its integrated systems.

“For example po, nung 2024, nagkaroon po ng suspected alleged breach sa isang nag-integrate sa e-gov —‘yung egov play system. So akala nila egov ang na-hack, pero hindi. ‘Yung na-hack pala ‘yung isa sa nag-integrate sa eGov. So ngayon, natatakot na kami mag-integrate sa ibang agency (For example, in 2024, there was a suspected alleged breach involving a system integrated into eGov—the eGov play system. They thought eGov was hacked, but it wasn’t. It was one of the systems integrated into eGov that got hacked. So now, we are more cautious in integrating with other agencies),” he said.

He noted that stricter security compliance is now required before any integration is allowed.

“So ngayon because of this new law, before ka mag-integrate ka sa eGov, kailangan sundan mo muna ang standard na security. We will not allow anymore integrations sa egov na hindi tumatawid muna sa security measures para both safe (Now, because of this new law, before you can integrate into eGov, you must first comply with standard security requirements. We will no longer allow integrations into eGov that do not pass through security measures so that both sides are safe),” he said.