The Department of Information and Communications Technology (DICT) confirmed on Monday that 19 government websites were hacked and defaced during the Sept. 21 protest actions against corruption. However, officials assured the public there was no evidence of a data breach.
DICT Secretary Henry Aguda said that four of the affected sites belonged to national government agencies (NGAs), while the rest were from local government units (LGUs).
“To date, wala pa kaming verified report of exfiltration. So wala pa personal information na nawala,” said Aguda.
The NGAs impacted include the Anti-Red Tape Authority (ARTA), Bureau of Customs (BOC), DICT, and the Department of Economy, Planning and Development (DEPDev). Aguda explained that only minor components such as training modules and complaint platforms were compromised, and these were quickly restored.
“Yung mga na-compromise sa kanila yung mga training modules, complaint platform, etc. And all of them naayos kaagad. So, yung apat inconsequential na yung nangyari sa kanila,” he said.
In a statement, the DICT clarified that the eGov PH App was not affected by the breach.
“The incident involves one of the many third-party systems integrated with the eGov PH – the EComplaints system – which is managed separately from the eGov PH App’s core infrastructure,”
the DICT said.
“As of this time, there is no evidence of a data breach within the eGov PH App. All personal information in the app remains secure, encrypted, and protected by strict cybersecurity protocols in line with the Data Privacy Act of 2012 and internationally recognized standards,”
it added.
Aguda noted that aside from defacement, the websites were subjected to distributed denial-of-service (DDoS) attacksand over 1.4 million failed breach attempts.
“Ang dami niyan. And kung makikita niyo apat lang yung naka-lusot. So, kudos to the people of the Cybercrime Investigation and Coordinating Center (CICC), from DICT, the Cybersecurity Bureau, the National Computer Emergency Response Team (NCERT), and together with the law enforcement,” he said.
The cyber hacktivist group AnonymousPH is suspected to be behind the attacks.
“Common denominator is the actor called AnonymousPH, dun namin na-track down. And then the chatter in the cybersecurity community is pointing to them. Although I’ve reached out to them, sabi nila hindi daw sila, so sabi ko i-disavow niyo,”
Aguda said.
A person of interest has also been identified and is being tracked in coordination with law enforcement, though Aguda declined to disclose further details.
“He/she’s in-country. Yun lang siguro. And I defer giving additional information,”
he added.