Imee seeks PNP Firearms and Explosives Office data 'breach' probe, says gov't. failure in securing personal data 'unforgivable'

Senator Imee Marcos asked the Senate on Monday, May 20, 2024, to investigate the reported data breach of the Philippine National Police's (PNP) Firearms and Explosives Office (FEO), as she expressed concern about its impact on national security, cybersecurity, and the potential misuse of hacked information involving over 1.5 terabytes of personal data.

"Over half a million Filipinos are now threatened by data thieves. Yet again our data privacy has been violated, this time escaping even the police! Again, simply filling out a government form has resulted in a data breach. Even more sinister, who hacked our firearms and explosives files?" the senator asked.

"It is unforgivable for government to repeatedly fail in securing the public's personal data. Ang seguridad ng bawat Pilipino ay hindi lamang kaugnay ng mga bantang pisikal, ngunit lahat na ng aspeto ng pamumuhay, lalong lalo na sa mga personal na impormasyong dapat ay pinangangalagaan," she added.

The reported breach has allegedly exposed detailed personal information of numerous individuals, including names, addresses, dates and places of birth, occupation, educational background, medical records, religion, and family information.

"Financial transaction records such as names, transaction numbers, dates, payslips, firearm registration statuses, and emails were also leaked. Further, there were 1,562,463 entries in the transactions table on the leaked database, affecting approximately 589,615 individuals," Marcos' resolution stated.

On May 13, 2024, the PNP said it was looking into a possible breach in its logistics, data, information, and management system. News reports later stated the PNP FEO was the latest victim of a major data breach following the incident on their Logistics Data System.

The alleged hacker, known only as "ph1ns," claimed the breach was facilitated by vulnerabilities in the PNP FEO's online systems. The hacker exploited a lack of input sanitization and debug mode information to gain access to various servers, retrieving environment variables and database information.

"The recent breach follows a series of cyberattacks on various Philippine government websites, highlighting the urgent need for improved cybersecurity infrastructure and immediate intervention by the Department of Information and Communications Technology (DICT)," Marcos stressed.

"Hindi maaaring walang gawin ang DICT, at lalong hindi katanggap-tanggap na maulit pa ito sa iba pang ahensya ng pamahalaan," she added.

Recent reported hacking incidents of various government offices include the Department of Science and Technology (DOST), Bureau of Customs (BOC), National Bureau of Investigation (NBI), Philippine Statistics Authority (PSA), Philippine Health Insurance Corporation (PhilHealth), and the House of Representatives.

According to Kaspersky Security Network (KSN), the Philippines ranked fourth in the global ranking of countries most targeted by web threats in 2023 and the top in Southeast Asia.

Latest data of the PNP Anti-Cybercrime Group (ACG) show a total of 4,469 cybercrime incidents were logged from January to March 2024, which presents a 21.84% uptick from the 3,668 incidents in the fourth quarter of 2023.