In a statement on Thursday, the NPC referred to the hacking of individual user accounts on Facebook, Twitter, Yahoo, and Wattpad, as well as some websites operated by public and private organizations, done by a group of local hackers.
“Beginning April 1, 2019 until yesterday (Wednesday), the National Privacy Commission has gathered reports and claims of alleged hacking incidents of certain websites that may have involved personal data,” Privacy Commissioner Raymund Liboro said.
“These hacking incidents are now under investigation,” Liboro added.
The commission expects organizations that handle data or personal information controllers (PICs) that were affected by the hacking incident to report within 72 hours upon discovery of the data breach regarding its scope, nature and extent.
“In any event, appropriate actions should be taken to safeguard data subjects,” Liboro said.
Republic Act 10173 or the Data Privacy Act states that failure to timely report a data breach is punishable by up to five years imprisonment and a fine of up to PHP1 million upon conviction. Unauthorized access or intentional breach is punishable by up to three years imprisonment and a fine of up to PHP2 million upon conviction.
Responsible officials of PICs, who would be proven negligent in safeguarding personal data, may also face imprisonment of up to six years and a fine of up to PHP4 million upon conviction.
Meanwhile, the Department of Information and Communications Technology (DICT) said its Cybersecurity Bureau was able to implement measures to contain the damage caused by the hacking.
“The Bureau learned from its cyber-intelligence platform and social media page that there is an impending attack, which is why the national computer emergency response team (CERT-PH) was able to proactively defend and inform agencies, thus damage was controlled. The team also opened all communication channels 24/7 should the agencies require any assistance,” Allan Cabanlong, DICT Assistant Secretary for Cybersecurity and Emerging Technologies, said in a separate statement.
The DICT Cybersecurity Bureau called for a meeting of the National Cybersecurity Interagency Commission on Friday to assess the country’s cybersecurity situation and craft updated security protocols to all government employees in the storage, handling and distribution of all forms of communications.
Senator Sherwin Gatchalian has urged the DICT to investigate the hacking of the websites.
Local hackers, who call themselves Pinoy LulzSec, on Monday hacked into the database of the Armed Forces of the Philippines and leaked information, including files on military personnel. The group also managed to hack into government websites, as well as websites of universities and private companies, including Ateneo de Zamboanga and the Technological University of the Philippines in Taguig.