Minaliit pa ni Ivan Uy! 80,000 impacted by BOC hacking, Chinese suppliers implicated | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

By Eileen Mencias

The Department of Information and Communications Technology (DICT) has confirmed a breach in the system of the Bureau of Customs, compromising sensitive personal information of its employees and customers.

In an interview with the radio program Ted Failon and DJ Chacha on April 10, 2024, DICT Assistant Secretary and spokesperson Renato “Aboy” Paraiso downplayed the extent of the hacking, saying it only involved some 10 gigabytes of data.

According to Deep Web Konek, a Filipino cyber security-focused group, the personal information of 2,200 BOC employees spanning from 2019 to 2024 has been compromised. This includes their names, addresses, contact numbers, email addresses, employee IDs, and employment history.

Sensitive information of some 80,000 customers, both private and public, was also seized by the hackers.

Deep Web Konek identified the threat actors as DeathNote Hackers PH, Excommunicado, and Philippine Hacking University, which warned that the bribery within the BOC and its lack of focus on cybersecurity have put it at risk. Other agencies may face similar action if they do not take prompt corrective action.

The BOC hacking occurred mere days after the largest hacking incident under the administration of Marcos Jr. at the Department of Science and Technology.

Paraiso said the BOC’s systems were supplied by Chinese contractors, as were the systems of other government agencies, because they are cheaper than other providers. Only the system involving the submission of reports and the internal communications of the BOC related to the reports was affected.

He said that the investigation into the BOC hacking commenced on Monday. While noting that the group responsible for the BOC hacking differs from the one behind the DOST breach, he emphasized they do not dismiss the possibility of a connection between the two incidents.

Moreover, he suggested that international groups might be involved due to their familiarity with Philippine government agency systems.

Paraiso said that a complete ban on Chinese suppliers is not feasible due to constraints imposed by procurement laws.

Instead of a ban, Paraiso urged government agencies to ensure the integrity and security of their systems, ensuring they have no backdoors.

He also said that the DICT advocates for every government agency to establish an emergency response team and provide enough access to monitor their systems. This enables them to promptly alert the agency upon detecting irregularities.


Click Here For The Original Story From This Source.


National Cyber Security