More than 300,000 files and documents, some of which contained sensitive information, belonging to the Office of the Solicitor General of the Philippines were accessed by an unknown party, according to UK-based cyber security provider TurgenSec.
The cyber security provider said in an online post that the data breach contained files ranging from documents generated in the day-to-day running of ‘the Solicitor General of the Philippines’, to staff training documents, internal passwords and policies, staffing payment information and information on financial processes and activities including audits.
The breached information also included several hundred files titled with presumably sensitive keywords such as “Private, Confidential, Witness and Password,” the company said.
“The nature of these documents is of particular concern as it may have the potential to disrupt/undermine on-going judicial proceedings,” TurgenSec said.
TurgenSec alleged that the information was public facing, meaning anyone with a browser and internet connection could access it. It is claimed that the breached data was accessed and downloaded by an unknown third party that was not TurgenSec.
“TurgenSec emailed the Solicitor General of the Philippines and the Philippines Government on the 1st of March, and the 24th March. These emails went unanswered, the breach was closed by the 28th of April, presumably using information provided by TurgenSec,” the company said in its post, dated 30 April.
The company said that the data breach was particularly alarming, given that at least some of the information contained governmental sensitivity and could impact on-going prosecutions and national security.
“An unknown third party has this data and it is likely now in the hands of malicious actors who could do considerable damage with it if mitigation steps are not taken,” the company said.
“We encourage the Solicitor General of the Philippines to submit the breached data to digital forensics specialists to ascertain the extent of this data breach and whether any file’s integrity was compromised. We also encourage them to publicly outline the extent of the information exposed and breached, and what steps are being taken to ensure this cannot happen again.
“Finally, we request that the Solicitor General of the Philippines informs the ICO [UK Information Commissioner's Office] if there are UK citizens data contained within this breach and to issue a public disclosure of this, and the full extent of what citizen data was breached, so that the impacted individuals can take the necessary steps to protect themselves,” it added.
As noted by media outlet ZDNet, the Office of the Solicitor General was reportedly breached by hacker group Phantom Troupe late last year.
While it seems that the latest data breach for the Office of the Solicitor General was likely a case of misconfigured data storage, it comes nearly two months after Singapore Airlines warned frequent flyer members of a third-party breach affecting up to 580,000 people.
Singapore Airlines said in a statement published on 4 March that it had been informed by air transport communications and information technology provider SITA of a data security breach involving its Passenger Service System (SITA PSS) servers.
Although Singapore Airlines is not a direct customer of the SITA PSS, the breach of the SITA PSS server had affected some of its KrisFlyer and PPS members. This was due to the use of the SITA systems by a fellow Star Alliance member.
Just days earlier, Malaysia Airlines informed Enrich frequent flyer members of a “data security incident” via a third-party IT service provider, insisting the breach avoided the national carrier’s core IT infrastructure and systems.
Delivered via an email note to members on Monday 1 March, the airline advised that the incident occurred at some point during a nine-year period between March 2010 and June 2019, without disclosing the number of individuals impacted.
Breached personal data includes Enrich member names, date of birth, gender and contact details, in addition to frequent flyer number, status and tier level information.