A whopping 1,279,437 records from law enforcement agencies have reportedly leaked after a massive data breach, according to cybersecurity research firm VPNMentor.
The data breach allegedly exposed 817.54GB of applicant and employee records from different government agencies, including the Philippine National Police (PNP), National Bureau of Investigation (NBI), Special Action Force (SAF), and the Bureau of Internal Revenue (BIR).
It is said that the exposed records include highly sensitive information like birth certificates, fingerprint scans, tax filing records, tax identification numbers (TIN), school transcripts, and passport copies. Also included are internal directives addressed to law enforcement officers.
“As an example, these would be orders from the top leadership of how to enforce what laws and what gets priority or additional training that is needed etc… I cannot further confirm or verify the accuracy or authenticity of these documents contained within this database. As such, I cannot guarantee that the contents of the documents are accurate or reliable,” said Jeremiah Fowler, the cybersecurity researcher who wrote the report.
Fowler said that the leaked documents were stored in an unsecured database that was not password-protected and was “readily accessible” to anyone with an internet connection. Such databases are prone to cyberattacks or ransomware.
The researcher highlighted the dangers of having the personal information of the police and other law enforcement members exposed. Possible victims could be subject to phishing attacks, identity theft, and other malicious activities.
Fowler added that finding government records in an unsecured database raises concerns about potential national security issues. What’s more, the leaked documents may allow criminals to target law enforcers for blackmail or other schemes.
According to the report, the database was exposed for at least six weeks. Fowler recommends that the government do a full forensic audit to fully comprehend the “extent and impact of the breach.”
In a statement to INQUIRER.net, the PNP said that its Anti-Cybercrime Group is still in the process of vulnerability assessment and penetration testing.