The breach can be deemed a national security risk as the data could be used for blackmailing law enforcement personnel
A cybersecurity researcher at vpnMentor recently discovered the breach of non-password protected database containing over 1.2m records related to individuals who were employed or who had applied to work in law enforcement in the Republic of the Philippines.
The records contain highly sensitive ‘personally identifiable information’ such as scans of passports, birth and marriage certificates; drivers’ licenses; academic transcripts; security clearance documents, and many more.
The size of the database is 817.54GB, and it contained 1,279,437 records. The database also contained character testimonials, in the form of letters from courts and municipal mayors’ offices certifying that those individuals that were applying to work in law enforcement possessed the requisite traits and had no prior criminal records.
There was also a selection of documents containing Tax Identification Numbers (“TIN”) – a nine-digit number given to individual and corporate taxpayers by the tax authorities in the Philippines for identification and record-keeping purposes.
Any data breach that exposes personal information belonging to police and members of law enforcement or similar officials can be dangerous, according to Jeremiah Fowler, the researcher that disclosed the discovery of the leak. Individuals whose data is exposed could be potential victims of identity theft, phishing attacks, and a range of other malicious activities. It would be easy for criminals to apply for loans, credit, or other financial crimes using the identity of these individuals and supporting documents. The availability of government records in an unsecured database raises concerns about potential national security issues: “The exposed records could also potentially allow criminals to target members of law enforcement for blackmail or other schemes,” Fowler noted.
Furthermore, there exists a potential risk of a cyberattack or the encryption of the database via ransomware, although Fowler did not observe any such indications during his investigations. This is a developing story as the Philippines authorities investigate.