top of page

PSA probes data leak; national ID, civil registry unaffected

October 12 ------ The Philippine Statistics Authority (PSA) has reassured the public that the reported data breach did not compromise the integrity of the national ID and civil registry systems. In an statement, the PSA said that both the Philippine Identification System (PhilSys), responsible for the implementation of the national ID program, and the Civil Registration System (CRS), which stores vital records like birth certificates, remained unaffected by the breach.

After conducting an examination, the PSA reported that the breach was isolated to the Community-Based Monitoring System (CBMS). The CBMS is a system that collects, processes, and verifies disaggregated data. It facilitates local-level planning, program implementation, impact monitoring, and community engagement.

This particular system was the only one impacted, PSA said, while the national ID and civil registry systems remained secure. "The PSA is assessing what personal data from the CBMS may have been compromised and will share information with the relevant authorities and the public in due course," PSA said.

PSA’s clarification followed the announcement by Department of Information and Communications Technology (DITC) Secretary Ivan John Uy about a data breach in a government agency. Although Uy initially withheld the agency's name, he emphasized that the compromised data could have significant implications. "This is a substantial breach. The consequences are significant. We are currently waiting for them, for that agency to respond to all our requests,” Uy said.

The PSA is currently conducting an assessment to determine the potential compromise of personal data within the CBMS. Meanwhile, the National Privacy Commission (NPC) has confirmed that the PSA submitted a breach notification on Oct. 10. The PSA has been working closely with the NPC's Compliance and Monitoring Division, the DICT’s National Computer Emergency Response Team-Philippines, and the Philippine National Police's Anti-Cybercrime Group to address the matter.

Despite the incident, the PSA said it is implementing precautionary and containment measures to safeguard the security and reliability of all the systems and databases under its management. This includes isolating and shutting down the affected system. Data breach at the PSA comes shortly after the ransomware attack on the Philippine Health Insurance Corp. or PhilHealth. “The PSA warns the public that social media posts with the alleged sample data include links that contain malware that may be used by cybercriminals and bad actors to perpetuate other illicit acts. Therefore, the public is strongly advised not to click on such links,” the statistics agency said. “The PSA strongly condemns this activity, and we will be working with all law enforcement agencies to apprehend the perpetrators,” it added.



bottom of page