Agencies step in to probe military data breach

enablePagination: false
maxItemsPerPage: 10
maxPaginationLinks: 10

Metro Manila (CNN Philippines, April 3) — The government is now looking into the hacking of databases of the Armed Forces of the Philippines (AFP), some agencies, and educational institutions.

In a text message to CNN Philippines, Information and Communications Technology Secretary Eliseo Rio said the agency's cybersecurity division and the National Privacy Commission "are now in touch with the AFP to investigate this matter."

"We are operationalizing our cybersecurity intelligence platform and the Cybercrime Investigation Coordinating Center," Rio said.

A group of hackers called "PinoyLulszsec" on Monday hacked into the military database, exposing sensitive information of about 20,000 military personnel.

The hacking was part of the group's annual three-day hacking operation called "April Lulz Day" participated in by the group's affiliates worldwide.

The Philippine Army, for its part, said it is conducting security measures to prevent a repeat of the incident.

"Rest assured that all other data in our network is secured and that further security assessments are being done to prevent a repeat of this incident," Lt. Col. Ramon Zagala, Army spokesman, said in a statement.

Zagala, however, denied that PinoyLulszsec hacked the military unit.

He said data were hacked in 2018 and have been addressed in January this year. PinoyLulszsec, he added, only exposed the data on Monday to "make it appear" that the the group "was able to commemorate their yearly mischief."

"The data extracted came from exposed dump files of an old database that was being migrated from a third party Internet Service Provider to the Philippine Army Network in December 2018. These files were already addressed as early as January 1, 2019..," Zagala said.

The group was also able to hack into the websites of some government agencies and schools such as the Ateneo de Zamboanga and Technological University of the Philippines in Taguig.

Senator Sherwin Gatchalian called on the Department of Information and Communications Technology to conduct a thorough investigation on the data breach.

"It is very alarming that not only was the group able to hack and deface government websites, they were also able to access and leak sensitive information of the Philippine Army, including the Army's personnel list," he said.

Gatchalian also urged the government to "take steps to secure critical information structures and government networks," noting that even the Senate lacks "secure connection."