On the Alleged Data Breach

Date of Release: 11 October 2023
Reference No. 23ONS00-141

On 07 October 2023, information about an alleged data leak involving a system managed by the Philippine Statistics Authority (PSA) was posted by a certain actor on social media. The PSA immediately activated its Data Breach Response Team (DBRT) and launched an investigation. The PSA has coordinated with the Compliance and Monitoring Division of the National Privacy Commission (NPC), the National Computer Emergency Response Team-Philippines (NCERT-PH) of the Department of Information and Communications Technology (DICT), and the Anti-Cybercrime Group of the Philippine National Police (PNP) in relation to this matter.

From the initial assessment, the system allegedly affected is limited to the Community-Based Monitoring System (CBMS). The PSA is assessing what personal data from the CBMS may have been compromised and will share information with the relevant authorities and the public in due course. The agency is taking additional preventive and containment measures to ensure the security and integrity of all systems and databases that it manages, including shutting down and isolating the system known to have been affected.

The PSA assures the public that the Philippine Identification System (PhilSys) and the Civil Registration System (CRS) have not been affected.

The PSA warns the public that social media posts with the alleged sample data include links that contain malware that may be used by cybercriminals and bad actors to perpetuate other illicit acts. Therefore, the public is strongly advised not to click on such links.

The PSA strongly condemns this activity, and we will be working with all law enforcement agencies to apprehend the perpetrators.
The PSA is committed to ensuring the integrity of its data and confidentiality of the information collected through its surveys, censuses, PhilSys and CRS. In line with this, the agency, in collaboration with all authorities, continues to maintain and strengthen its technical, organizational, and physical security measures.

National Statistician and Civil Registrar General