Photographer: Johannes Eisele/AFP via Getty Images

DOST Cybersecurity Incident; Website Defacement and Data Leak Compromising Employees’ Information 


April 11, 2024
Updated on April 11, 2024
{{bullet-1}}
{{bullet-2}}

The Department of Science and Technology (DOST) was involved in a series of cybersecurity incidents that involved the defacement of their websites and confirmed data leaks of information and personal data belonging to the department.  

Defaced Website 

On April 2, 2024, three DOST-affiliated websites and services were compromised and defaced by a threat actor known as “ph1ns” belonging to the hacker group #opEDSA. The defacement came with a message strongly opposing the existence of political dynasties and calling for charter change. This same group of hackers was also linked to a cyber-attack involving the websites of businesses belonging to House Speaker Martin Romualdez.  

Affected DOST websites include the following: 

  • DOST Help Desk (https://helpdesk.dost.gov.ph) 
  • Health and Technology Assessment division (http://hta.dost.gov.ph) 
  • S&T Foundation Unit (https://sfu.dost.gov.ph) 
Archived DOST Help Desk Website dated April 2, 12:26pm
Archived DOST HTA division Website dated April 2, 12:29pm 
Archived DOST S&T Foundation Unit Website dated April 2, 12:29pm 

Data Leak Compromising 2TB of DOST Data 

In response to the cybersecurity attack, the DOST reached out to the Department of Information and Communications Technology (DICT) to confirm the extent of the attack, where it was discovered that 2TB worth of data including schematics, designs, and backups were compromised and possibly deleted. 

“We detected the attack since yesterday. In fairness to DOST, they reached out to DICT to ask for our assistance… We can confirm it’s around 2 terabytes.” 

Renato Paraiso, DICT

Reports indicate that #opEDSA hackers were able to find an exposed ‘git’ repository belonging to one of their websites and gain access from there. An article detailing the step-by-step process of the attack can be found here. 

Screenshot of the alleged data leak by hacker” ph1ns” 

On April 4, 2024, the DICT Assistant Secretary for Legal Affairs Renato Paraiso reported that the attack was a standard ransom attack. But unlike the common ransomware attack, the threat actors involved have not made any demands in exchange for the files.  

“The first message of the threat actors was somewhat political. So, we’re not discounting that this is part of hacktivism or something more nefarious or devious.” 

Renato Paraiso, DICT

The DICT also clarified earlier reports of the data leak amounting to 25TB, pointing out the “exaggerated” claims to make it more believable.  

“What we discovered and what we are looking at is around two terabytes, 25 terabytes is a bit embellished.” 

Renato Paraiso, DICT

NPC Investigation Leads to Employee Data Leak 

The National Privacy Commission (NPC) revealed through an investigation that the data leak involved the personal information of 597 employees including the names, gender, civil status, and the addresses of DOST employees. Additionally, the resumes of several DOST applicants were also compromised: 

“The NPC has launched an investigation in response to a reported personal data breach within the DOST. Initial findings indicate that the breach includes the personal data of approximately 597 data subjects, all of whom are employees of DOST.” 

NCP Statement
NPC Press Statement on the Alleged DOST Data Breach

Share this article
Email