The Office of the Solicitor General of the Philippines reportedly suffered a data breach, leaving the website to expose approximately some 345,000 official documents available for everyone to see and access.
According to ZD Net, British cybersecurity firm TurgenSec Ltd. was the first to discover the incident. Following this, the company immediately informed both the Office of the Solicitor General as well as the Philippine government about the data leak.
Based on the findings of TurgenSec, the breach may have occurred earlier in February, with the official files being made available for public access. ZD Net states that security researchers from TurgenSec first discovered the breach during this month as well.
The London-based security research firm initially notified the OSG earlier on March 1, 2021, and again on March 24 via a series of emails. However, the Philippine agency has yet to acknowledge the incident based on the report released by TurgenSec, revealed CNN Philippines.
Despite failing to communicate with the British cybersecurity firm, CNN Philippines said that the private documents posted on the website have since been taken down on April 28, 2021, presumably with the aid of TurgenSec’s notifications.
The company, however, notes that these files have been downloaded by an unknown third party. Following the incident, the cybersecurity company said that the files are most “likely now in the hands of malicious actors who could do considerable damage with it if mitigation steps are not taken.”
Among the thousands of files compromised include documents tagged with “confidential,” “password,” “private,” and “witness” labels.
In addition, CNN Philippines states that the files included an extensive range of topics being covered. These range from abuse, drugs, child, trafficking, execution, quarantine, COVID, Duterte, weapon, Pangilinan, military, nuke, weapon, terrorism/terrorist, NICA/intelligence, and many others.
Moreover, the documents found to be vulnerable include staff training files, internal passwords, payment information, and staffing policies, among others, revealed Inquirer.
Of these sensitive files, TurgenSec Ltd. notes that “The nature of these documents is of particular concerns as it may have the potential to disrupt/undermine on-going judicial proceedings.”
When asked to comment on the issue, CNN Philippines states that the Office of the Solicitor General only posed a response on Monday, May 3, 2020, saying they will only disclose the incident to the public “only after a proper verification has been undertaken as to the accuracy and veracity of these alleged data breaches.”
With the possible extent of the data breach, Inquirer revealed that Justice Secretary Menardo Guevarra had concerns over the incident, especially as the Department of Justice has a number of cases being handled by the OSG.