The Philippine Statistics Authority (PSA) is the next to suffer a data breach amid rising cybersecurity concerns in the country stemming from the Medusa ransomware attack on the Philippine Health Insurance Corporation (PhilHealth).
PSA filed a breach notification to the National Privacy Commission (NPC) soon after blurred photos of IDs and large volumes of data allegedly pilfered from a PSA database surfaced online in a social media post.
PhilHealth and PSA had earlier in 2021 formalised a joint undertaking on data sharing of death information records. The agreement enabled PhilHealth to provide PSA with electronic lists of identified members and their dependents which would then be matched with the latter’s death records.
While PSA is assessing what personal data may have been compromised, an initial review showed the breach may be limited to its community-based monitoring system that collects and processes data for local government planning.
The Philippine Identification System (PhilSys) and the civil registration system have not been affected, PSA said in a statement.
“The agency is taking additional preventive and containment measures to ensure the security and integrity of all systems and databases that it manages, including shutting down and isolating the system known to have been affected,” it added.
PSA is coordinating with NPC, DICT and the Anti-Cybercrime Group of the Philippine National Police (PNP) to probe the matter.
The stat board has warned the public that social media posts with the alleged sample data could include links that contain malware that cybercriminals and bad actors may use to perpetuate other illicit acts.
Philippines Department of Information and Communications Technology (DICT) Secretary Ivan John Uy said the attack was a data breach and did not involve "ransomware" like the Medusa on PhilHealth.
Rising concerns
The NPC earlier this week said it discovered over 700 gigabytes (GB) extracted from a data dump claimed to be from the Medusa hacker group. Hackers had started circulating illegally obtained PhilHealth's data from the workstations of PhilHealth employees.
The commission had called for individuals who had their personal data stolen in the Medusa attack on PhilHealth to file a complaint and "if proven can claim damages".
The insurer advised its members to change the passwords of their online accounts, enable multi-factor authentication, and avoid responding to suspicious calls and text messages.
De La Salle University incident
In another incident, De La Salle University in Manila, Philippines also experienced a cyber attack on October 9 that affected its on-premise applications.
The university said student records and cloud-hosted applications remained intact.
“A number of steps have been taken as preventive measures. These include taking network systems offline to prevent further exposure, restricting the use of DLSU-issued computers and laptops, and requiring the activation of additional security features on the Google workspace accounts,” it added.
DLSU has tapped a global cybersecurity company to investigate the incident and restore its network systems.