Reports of hacking of PH companies rise, as authorities investigate more cases

Reports of hacking continue to rise in the Philippines, as more companies—and government agencies–report data breaches and other cybersecurity incidents.

Jollibee Group said it is investigating a reported data breach that may impact millions of customers.

The fast-food giant said it is working with authorities and experts to determine the scope of the incident and has implemented additional security measures to protect customer data. Jollibee’s e-commerce platforms are still operational.

Jollibee Group last week said it is looking into a reported data breach that could involve the data of millions of its customers. In a statement, Jollibee said its e-commerce platforms are still operating. 

Deep Web Konek, a cybersecurity group claimed hackers are selling data of 32 million Jollibee customers for over $40 million.

This follows a separate data breach at health provider Maxicare, affecting 13,000 members. Maxicare assures no sensitive medical information was exposed.

Hackers also reportedly targeted the computer systems of the Maritime Industry Authority (MARINA), a subagency of the Department of Transportation of the Philippine government.

Latest case involving the Manila Bulletin

The latest report on hacking involved a national newspaper, the Manila Bulletin, which sent shockwaves across the Philippine media sector.

The National Bureau of Investigation (NBI) on June 21, 2024, have arrested three individuals for the alleged hacking of both government and private institutions, banks, and Facebook accounts.

“Yung isa dito ay data officer ng Manila Bulletin. As a matter of fact, ang ina-allege niya base sa kanyang extrajudicial confession, ang may hawak sa kanya, at nag-uutos sa kanya mag-exploit ng mga system ay editor ng Manila Bulletin (One of them is a data officer of the Manila Bulletin. In fact, he alleges, based on his extrajudicial confession, that the one handling him, and ordering him to exploit systems is an editor of the Manila Bulletin),” NBI Cybercrime Division chief Jeremy Lotoc, quoted by the Philippine News Agency (PNA), said.

The suspects, whose faces were covered, were identified through aliases ‘kangkong’, ‘Mirasol’, ‘Sibat’, ‘Ricardo Redoble’, and ‘lulu’, and were involved in multiple unauthorized access attempts and breaches of private and government websites since 2016.

All suspects are members of two big hacking groups, Philippine Lulzec and Globalsec.

Lotoc said they tracked the hackers’ movements and monitored online activities to establish patterns and connections linked to their activities. However, Lotoc said their most worrisome discovery is the data from one of the device of aka “Illusion”, “which contains thousands of bank credentials that include usernames, passwords, and even OTPs (one-time passwords).”

These banks, he said, include the Philippine National Bank, Banco de Oro, Union Bank, and Security Bank.

The NBI, in its press release, said that on June 14, initial contact with the subjects was made through the informant, where they agreed to meet. The suspects were arrested on June 19 in a hotel in Manila and underwent inquest proceedings on June 20.

They were recommended to be charged with Illegal Access under Section 4(a)(1) and Misuse of Device under Section 5(iii) of RA 10175 or the Cybercrime Prevention Act of 2012, as well as Unauthorized Access or Intentional Breach under Section 29 of RA 10173 otherwise known as the Data Privacy Act of 2012.

The third subject with an alias ‘Allan 10k’ will be charged through direct filing. NBI director Jaime Santiago said that this is only the start of his promise made when he took over the agency.

The Department of Information and Communication Technology (DICT), meanwhile, commended the NBI for its arrest of the hacking suspects.

In the same press briefing, the arrested data personnel of Manila Bulletin alleged that he was acting under the orders of the paper’s tech editor and ICT head Art Samaniego. The NBI said the allegations against Samaniego are under investigation.

Denial

In a statement, Samaniego denied the allegations and said he did not stand to gain anything from the hacking incidents, specifically the hacking of the Armed Forces of the Philippines’ website.

The Manila Bulletin, in a separate statement, said it has always “adhered to the laws of the land and requires its employees to be law-abiding.”

“We expect our employees to be accorded their rights. We assure the public of Manila Bulletin’s utmost fidelity to the laws of the land,” it added. 

Biggest data breaches reported in the Philippines

There have been notable cases of data breaches involving both private and government entities in the Philippines in recent years.

In 2016, the Commission on Elections (Comelec) reported a date breach which affected 70 million a month before the national elections. The breach reportedly involved fingerprint data; passport information; email addresses; postal addresses; birthplace; height and weight; gender; marital status; and parents’ names.

In 2017, the website of fast-food chain Wendy’s Philippines was reportedly hacked and  over 82,000 customer and employee records, including names, email addresses, postal addresses, and resumes, were affected. In response, the National Privacy Commission (NPC) obliged the company to notify those affected and ordered the company to perform a security assessment.

In 2019, pawnshop and remittance firm company Cebuana Lhuillier reported a data breach involving its email servers for its marketing activities, compromising the data of roughly 900,000 clients. The company further reported that it has traced unauthorized downloads dating back to August 2018.

 Cebuana Lhuillier reported that the data dump included customer birthdays, addresses, and sources of income. Fortunately, financial transaction details were not affected, it said. The NPC also conducted an investigation on the reported attacks.

In 2020, the government-controlled bank United Coconut Planters Bank (UCPB) said it lost millions of pesos through a security breach on its online transfers and automated teller machine (ATM) withdrawals. The incident reportedly happened during in June 2020, during a holiday. Reports said in one case, the suspects made 57 withdrawals from a single ATM, taking out its entire P4 million stock. The total losses amounted to P167 million, authorities said.

More recently, national health insurer Philippine Health Insurance Corporation (PhilHealth) in October 2023 reported that hackers have begun releasing stolen PhilHealth data and releasing the data through the dark web. Data—about 734 gigabytes of files–included confidential memos and member data (i.e., addresses, phone numbers, and insurance IDs). A ransom was also reportedly demanded.

Authorities said the hacker group, which the government calls Medusa, accessed the PhilHealth data on September 22 after restricting PhilHealth staff from accessing their system. Source: Philippine News Agency (PNA). https://www.pna.gov.ph/articles/1227438

One thought on “Reports of hacking of PH companies rise, as authorities investigate more cases

Leave a Reply

Your email address will not be published. Required fields are marked *