The Philippine National Police (PNP) has requested for extra time to validate if its database was compromised, the National Privacy Commission (NPC) mentioned Thursday.
In an announcement, Privacy Commissioner John Henry Naga mentioned the NPC gathered involved authorities companies, specifically the PNP, National Bureau of Investigation (NBI), Civil Service Commission (CSC), and Bureau of Internal Revenue (BIR) to handle the alleged leak of private information involving regulation enforcement companies.
“According to representatives of said agencies, after conducting their respective investigations and vulnerability tests, the NBI, CSC, and BIR have confirmed that there were no breaches on their part and will release their respective statements to the public,” Naga mentioned.
“However, the Philippine National Police requested for time to validate and review its systems for possible security compromise considering that the Police was highlight in the report alleging the data leak,” he mentioned.
According to a report from Jeremiah Fowler of vpnmentor.com, a supposed leak from the PNP database comprised particulars of 1.2 million information of workers and candidates.
Leaked information embody paperwork of educational and private historical past comparable to beginning certificates, academic report transcripts, diplomas, tax submitting information, passports and police identification playing cards.
Copies of fingerprint scans, signatures, and required paperwork had been additionally discovered.
“To further investigate this matter, we issued an order to conduct an onsite investigation on the concerned data processing system of PNP on 24 April 2023 headed by the Complaints and Investigation Division of this Commission,” Naga mentioned.
The Privacy chief mentioned the NPC additionally ordered Fowler, the cybersecurity researcher who revealed the article alleging the information breach, to seem earlier than this company on April 21 to help in its investigation.
“The recent allegations of a data breach involving law enforcement agencies in the country should serve as a reminder that no organization, not even the government, is immune to the threat of cyberattacks and that we should remain in constant vigilance in protecting personal data,” Naga mentioned.
“I call on all government agencies and private sectors processing personal data to review the implementation of their data privacy and security measures. It is not enough to simply comply with existing regulations and standards; we must also proactively identify and address potential vulnerabilities,” he mentioned.
The NPC known as on the involved authorities companies to strictly adjust to the Data Privacy Act of 2012, together with the necessary breach notification requirement as its investigation is underway.—AOL, GMA Integrated News
Source: www.gmanetwork.com