HACKERS yesterday attacked the website of the House of Representatives, the highest branch of government so far to have been hit by a cybersecurity breach this year.
A group calling itself “3MUSKETEERZ” defaced the lower house’s website before noon with a “YOU’VE BEEN HACKED” and troll face comic meme posted on the left side of the landing page, www.congress.gov.ph.
“Happy April Fullz kahit October pa lang! Fix your website,” the hackers wrote before the website became inaccessible.
In a statement, House Secretary General Reginald Velasco confirmed that the official website of the House “experienced unauthorized access earlier today” and assured that “immediate steps have been taken to address the issue.
“We are working closely with the Department of Information and Communications Technology (DICT), Cybercrime Investigation and Coordinating Center (CICC) and law enforcement agencies concerned to investigate the matter,” Velasco said.
“While we work to restore the website fully, we ask for patience and understanding. We are committed to ensure the security and integrity of our digital platforms, and we will implement additional measures to prevent such incidents in the future. For the moment, we advise the public to be cautious of any suspicious emails or communications that claim to be from the House of Representatives,” he also said.
The DICT affirmed Velasco’s statement. “We are in constant communication and coordination with the HOR and are currently investigating the extent of the said incident.
We shall provide further updates to the public as soon as they become available,” it said in a brief statement.
Just this week, the Department of Science and Technology confirmed a data leak that hit its OneExpert portal, although it claimed that no sensitive data was compromised.
That same week, the Philippine Statistics Authority also fell victim to a cyberattack on its Community-Based Monitoring System, which, it said, had a minimal data breach.
The Philippine Health Insurance Corporation (PhilHealth) was also hit with a ransomware attack and the group responsible has since leaked data from the state insurer, which was forced to temporarily operate manually.
EXPERTS
Sen. Imee Marcos said the government should hire cybersecurity experts to prevent future cyberattacks on the official websites of government offices.
Marcos said the government has what she called “information technology practitioners,” which she added are different from experts.
“Wala naman talaga tayong cybersecurity experts sa government. Mga IT practitioners ‘yan, pero iba ‘yun eh. ‘Yung cybersecurity expert very specific field ‘yan, kailangan makuha ‘yan (We really do not have cybersecurity experts in government. What we have are IT practitioners. Cybersecurity is a very specific field. We need to have them),” Marcos told radio dzBB.
She added cybersecurity experts know what king of software or equipment needs to be acquired to ward off cyberattacks.
“Mismo ‘yung sa procurement, ‘yung bumibiling department ay hindi nila naiintidihan ‘yung highly technical na equipment kaya siguro nagkakaroon ng failure of bidding. Hindi na-a-award, hindi natutuloy ang pagbili ng equipment kahit may pondo (The procuring department itself does not understand highly technical details of the equipment, that’s why there is a failure of bidding. The contracts are not awarded, they do not push through even if [the agency] has funds to purchase such equipment),” she also said.
Marcos filed Senate Bill No. 1365 in October last year proposing to institutionalize and strengthen the National Cybersecurity Inter-Agency Committee which was created under Executive Order No. 95 (series of 2019). No hearing has yet been conducted to discuss the proposed measure.
PHILHEALTH
Meanwhile, the National Privacy Commission (NPC) over the weekend called on PhilHealth to identify the members affected by the data leak and notify them individually.
NPC has launched the “Na-leak ba ang PhilHealth Data ko?,” a simplified database search portal designed to help individuals verify the status of their personal information following the recent compromise of the PhilHealth database.
The search portal is an independent project launched by the NPC using a dataset reportedly released by the Medusa Ransomware Group, which is comprised of approximately 734 GB of extracted data of members of all age groups.
The NPC said the portal is exclusively focused on the Medusa Ransomware attack and does not encompass data breaches from other sources or incidents.
The NPC said it is now analyzing the content of the Medusa dataset and that as of October 13, the initial batch of data available on the portal pertains to individuals aged 60 years and above, containing an estimated 1 million records out of 8.5 million senior citizens.
“We are still in the process of analyzing the entire data dump. The 1 million mentioned is just part of the initial batch of data that we have reviewed. Our investigation is ongoing to ensure accuracy and comprehensiveness,” NPC said in a statement.
To utilize the portal, users are required to enter their PhilHealth Identification Number (PIN), and the portal will verify whether their personal information was part of the leaked data.
It cautioned that a negative result from the search should not be misconstrued as an assurance of data security in other areas. — With Raymond Africa and Irma Isip
