Photographer: Johannes Eisele/AFP via Getty Images

Recent Cybersecurity Incidents (Philippines)


August 22, 2024
Updated on August 22, 2024

Senate Website Hack

On August 20, 2024, the Legislative Information System and Legislation SharePoint Site of the Senate of the Philippines were breached by the threat actor group Deathnote Hackers International. The group allegedly extracted usernames and gained unauthorized access to legislative documents and transcripts. DeathNote criticized the Senate’s outdated IT infrastructure and web design and offered the public a choice between leaking the data and conducting a Vulnerability Assessment and Penetration Test (VAPT).

Senate Spokesperson Atty. Arnel Jose S. Banas confirmed the cybersecurity incident, supporting the statement from the Department of Information and Communications Technology (DICT) that the breach should not be a “cause for alarm” as the compromised data were “intended for public consumption.” DICT Assistant Secretary Renato Paraiso, in an interview, noted that the incident has already been resolved and that they are working closely with the Senate to strengthen their cybersecurity measures.

Chinese General Hospital data breach alleged by DEDESEC

On August 20, Deep Web Konek, a tech watchdog, reported a data breach at the Chinese General Hospital and Medical Center (CGHMC) in Manila. The cybercriminal group “DEDESEC” claimed responsibility, with a user named “mapadedsec” detailing the breach on a dark web forum and linking to a file-sharing site where the stolen data is allegedly hosted.

Established in 1891, CGHMC is a major institution serving the Chinese-Filipino community. DEDESEC asserts that they accessed sensitive data on Chinese and Filipino patients, citing political tensions as their motive.

The hospital has not yet confirmed the breach. The claim raises serious concerns about patient privacy and potential misuse of the data. For more information on this incident, please refer to the following source here.

Bataan Heroes College hit by a data breach

On August 20, 2024, Deep Web Konek, a tech watchdog, reported a data breach at Bataan Heroes College, involving the cybercriminal group “TheNexusSquad.” This breach gave the attackers unauthorized access to the college’s administrative systems, revealing sensitive information such as student names, IDs, email addresses, academic details, financial records, and enrollment data.

The exposed data has been found on a dark web forum, raising significant concerns about potential identity theft and phishing risks. 

Currently, the college has not issued an official statement regarding the breach.

For more information on this incident, please refer to the following source here.

Over 2,300 Customer Phone Numbers Leaked

On August 19, 2024, the cybersecurity enthusiast group Deep Web Konek (DWK) reported a cybersecurity incident involving the leak of 2,339 customer phone numbers allegedly belonging to an undisclosed company. According to reports, the leak was uploaded to BreachForums by a user identified as BrotherArthur, who described the data as coming from “rich Philippine customers” and is selling the full 2024 data set (in Excel format) “on a first-come-first-serve basis” through Telegram.

Nimbyx Breach Update

On August 16, 2024, Deep Web Konek, a tech watchdog, reported that the threat group “Dads” had issued a final warning to Nimbyx and Evident Digital. Following an earlier breach, “Dads” leaked personal information of dentists from various countries and has threatened to release more sensitive data if their demands are not met.

The additional data at risk includes patient information, intraoral scans, clinical photos, CBCT images, digital prescriptions, and surgical plan STL files. This threat comes after Nimbyx faced criticism for its work-from-home policies.

The initial breach occurred on August 9, when an attacker using the alias “PinoySniper21” compromised Nimbyx’s systems, citing the company’s perceived arrogance as motivation. The attacker’s email included a link to the breached site and an attachment with the stolen data.

For more information on this incident, please refer to the following source here.