DFA takes down online passport tracker after data exposure flagged

Sofia Tomacruz
The Department of Foreign Affairs says it is investigating the issue and taking 'appropriate measures' to secure data. An internal audit will also be done.

The Department of Foreign Affairs (DFA) has taken down its online passport tracker after learning about issues related to the security of the public’s data on its website. 

The DFA said in a statement on Wednesday, November 10, that it was made aware of the issue on Tuesday, November 9, and that its information technology unit was investigating the issue.

“The DFA’s IT Unit is currently investigating the circumstances surrounding this issue and is taking appropriate measures to secure the data that may have been exposed. An internal audit will also be conducted to prevent similar incidents from happening in the future,” the DFA said in a statement.

The DFA first launched its online passport tracker on September 11, 2021, to allow applicants to view the status of their passport applications. 

What happened?

Rappler spoke to a web developer who messaged the DFA on Wednesday regarding the security of its online passport tracker system. The developer found the personal information of applicants had been exposed on its website after the online tracker came up on a Google search about an individual.

The developer, who requested not to be named, said data privacy issues on the DFA’s tracker stemmed from the personal information of applicants being “hard coded” in the tracker’s source or program, which can be accessed online. 

Information such as emails, birthdays, and contact numbers were among the data that could be accessed.

On Thursday, the DFA Office of Consular Affairs assured the public that it was working with the National Privacy Commission to resolve the issue and that it prioritized the protection and privacy of applicants’ data. 

In the meantime, the DFA said applicants may reach out to the following contact details regarding the status of their passport applications:

Email addresses: passportconcerns@dfa.gov.ph, oca@dfa.gov.ph
Hotlines: 09773533942, 09619432021, 09560526290 or (02) 8651-9400
Facebook: facebook.com/dfaphl
Twitter: twitter.com/DFAPHL, twitter.com/DFAOCA
Instagram: instagram.com/dfaphl

This is not the first time that a Philippine government website has faced data privacy and security issues.

In May 2021, Rest of the World reported that UK security company TurgenSec identified the data exposure of some 345,000 sensitive court documents from the Philippines’ Office of the Solicitor General for at least two months. The information, it added, “could have been accessed by anyone who knew where to look.”

In 2016, the Commission on Elections website was hacked, causing a leak of voter information. It was the first major open leak of elections-related data by a hacker group in the Philippines, and the exposed data included not only publicly available information but also voter data, voter registration data, and databases relevant to the functionality of the website. – Rappler.com
