SENATOR Sherwin Gatchalian urged government agencies to immediately report to the National Privacy Commission (NPC) any unauthorized access to the databases containing personal information that are in their custody.
Gatchalian made the call after learning of the Unified Student Financial Assistance System for Tertiary Education (UNIFAST) data breach in March that exposed the personal data of the more than one million Tertiary Education Subsidy (TES) applicants.
Gatchalian expressed alarm over the unabated attacks of hackers on government databases.
The TES database containing the private data of 1,130,899 applicants, including their student identification number, full name, birth date, father’s and mother’s names, and address, was accessed by unknown intruders on March 16.
The lawmaker said that according to an official document that his office received, the hacker accessed and deleted the TES database and left a ransomware, a type of malicious software, that threatens to publish the victim’s data unless a ransom is paid.
“The breach happened mid-March but the Secretariat was only able to report the breach to the NPC mid-April. Sana nireport nila nang mas maaga dahil responsibilidad nilang gawin ‘yon.” Gatchalian said, referring to Sec. 20 of Republic Act 10173 or the Data Privacy Act of 2012.
He urged the UNIFAST Secretariat to be more vigilant in securing and storing personal data of students as he noted the string of hacks on government websites in the previous weeks.
“The UNIFAST breach itself is alarming enough. But when you take into consideration the April 1 hack that leaked the Scout Ranger database of the Philippine Army, unscrupulous persons could cross reference both databases to determine where our soldiers live,” Gatchalian said.
“Kailangan natin ma-realize na this goes beyond the security of our students. Maaaring nakasalalay rin dito ang seguridad ng ating mga sundalo,” he added.
Gatchalian is a reserve officer of the Philippine Army, with the rank of lieutenant colonel.
He previously urged the Department of Information and Communications Technology (DICT) to investigate the April 1 attack made by hacking group Pinoy LulzSec on a large number of government websites.