MANILA, Philippines – Itinanggi ng Department of Information and Communications Technology (DICT) nitong Biyernes, Nobyembre 15 na walang nangyaring data breach sa eGovPH app.
“The Department of Information and Communications Technology (DICT), through its National Computer Emergency Response Team (NCERT) and the eGov Development Team, reports that the eGovPH App remains secure and that the alleged data exfiltration of a threat actor is a hoax,” saad sa pahayag ng DICT.
Naunang sinabi ng cybersecurity advocacy group na Deep Web Konek ang potensyal na data breach sa eGovPH app matapos ang sabihin ng threat actor ang access sa 200,000 know your client (KYC) user data.
“On November 8, 2024, a forum user under the alias ‘GR3GG3M3RC3R’ posted a message, claiming they had successfully exploited a 0-day vulnerability in the eGovPH system, which is used for various government services in the Philippines,” ayon pa sa post ng grupo.
“According to the post, the actor was able to gain root access, bypassing security protocols and accessing KYC IDs in the eGovPH database. The individual claims they have dumped and are ready to sell approximately 200,000 IDs,” dagdag niya.
Ang eGovPH ay single platform kung saan maaaring i-access ng publiko ang kanilang digital government IDs at magsagawa ng transaksyon sa pamahalaan.
Sa kabila nito, nanindigan ang DICT na ligtas ang mobile application at walang nakitang anumang banta.
“Results from the initial investigation made by NCERT and eGov show that no large data transfer, user suspicious behavior, or network activity anomaly in the eGovPH System were observed,” ayon pa sa ahensya.
“We assure the public that their data on the eGovPH App are safe and the services being provided by the DICT remain secure. We ask everyone to be mindful in sharing content online and rely on official Department channels for accurate information and updates,” dagdag niya. RNT/JGC