THE Philippine Statistics Authority (PSA) said information from the national ID and the civil registry systems were not affected in the alleged data breach involving the agency.
On Wednesday, Oct. 11, the PSA said the Philippine Identification System (PhilSys), or the program running the country’s national ID implementation, and the Civil Registration System (CRS), which holds the database including birth certificates, “have not been affected.”
According to the agency, based on its initial assessment, the system allegedly affected is limited to the Community-Based Monitoring System (CBMS).
“The PSA is assessing what personal data from the CBMS may have been compromised and will share information with the relevant authorities and the public in due course,” it said.
The agency released the statement immediately after Department of Information and Communications Technology (DICT) secretary Ivan John Uy revealed that another government agency suffered from a data breach.
Uy initially did not name the agency but he said the data involved could be “significant.”
“Malaki rin ito. Malaki ang pinsala dahil ang breach ay significant. We are currently waiting for them, for that agency to respond to all our requests,” Uy said at the sideline of the DICT GIDAS Network Connectivity Initiative event in Taguig.
Meanwhile, the PSA said it is “assessing what personal data” from the CBMS may have been compromised.”
According to the PSA website, CBMS is a technology-based data collection and processing system targeting households and is used as a basis for poverty alleviation programs.
“[T]he CBMS entails a census of households undertaken by the local government units (LGUs) with the participation of the community using accelerated poverty profiling systems in the data,” it said.
It added: “Data that will be generated by the CBMS are the compendium of localized facts, figures, and maps on the different dimensions of poverty such as health, nutrition, water, sanitation, shelter, education, income, employment, security, and participation.”
The PSA said it is also taking additional preventive and containment measures to ensure the security and integrity of all systems and databases that it manages, including shutting down and isolating the system known to have been affected.
The National Privacy Commission said the PSA submitted the breach notification to them on Oct. 10 at 6 p.m.
The PSA also warned the public against social media posts containing the alleged sample data that include links that may contain malware.
“The public is strongly advised not to click on such links,” it said.
Yesterday, Sen. Win Gatchalian said the data breach was “deeply alarming” and called for a thorough investigation.
Those responsible for the attack on the CBMS should be immediately identified, he said.
The alleged breach in the PSA follows the massive PhilHealth cyberattack. (ABS-CBN News)
