Photographer: Johannes Eisele/AFP via Getty Images

MPTC Confirms Data Breach Incident; Easytrips System and Other Records Compromised


September 10, 2024
Updated on September 13, 2024

On September 7, 2024, the Metro Pacific Tollways Corporation (MPTC), a toll road developer and operator in the Philippines, suffered a data breach that affected 978,848 records. The compromised data included customer information, transactional data, production files, and Easytrip records. The attack was carried out by a local hacktivist and grey hacker group known as DeathNote Hackers. The group publicly claimed responsibility for the attack on their Facebook page and included a link to the leaked data on their Telegram channel.

In their Facebook post, DeathNote Hackers emphasized the risks of placing systems and information in a single location. They warned that the Toll Regulatory Board’s (TRB) plan to merge Easytrip and Autosweep, allowing drivers to use a single Radio Frequency Identification (RFID) account for all toll roads, offers convenience to drivers but also simplifies the work of threat actors. Centralizing all users into one system creates a larger attack surface that is more vulnerable to cyberattacks.

MPTC currently operates the North-Luzon Expressway (NLEX), Subic-Clark-Tarlac Expressway (SCTEX), Manila-Cavite Expressway (CAVITEX), Cavite-Laguna Expressway (CALAX), and Cebu-Cordova Link Expressway (CCLEX).

Leaked Data

According to a report by cybersecurity watchdog Deep Web Konek, the following data was leaked:

  • Reloaded Records (40,2570): Details of reloaded balances on customers’ toll cards
  • Pre-loaded Records (16,703): Records of pre-loaded toll accounts
  • Reload Reports (83,916): User transaction logs
  • Insertion Reports (15,424): Toll card insertion logs
  • Adjustment Records (258,800): Records of adjustments done to customer accounts
  • Invalid Adjustment Records (69,196): Records of adjustments flagged as invalid
  • API Adjustment Logs (488,552): Logs of changes made to customer accounts via the API
  • Easytrip Card Number Inventory (247,324): Includes both active and inactive cards
  • MPTC Employee Telephone Directory (3,000): Contact details of employees and contractors

MPTC Confirms “Limited” Data Breach

The MPTC issued an advisory on their Facebook page, confirming the incident and describing it as a “limited data breach.” They stated that their information security team had already contained the affected systems and assured the public that the accounts and wallets of Easytrip users remain secure. MPTC also indicated that they would be reaching out to affected users soon.

