cybersecurity

DOST confirms ‘data leak incident’ in science, tech experts portal

Iya Gozum

This is AI generated summarization, which may have errors. For context, always refer to the full article.

DOST confirms ‘data leak incident’ in science, tech experts portal
(1st UPDATE) No personal information was compromised, the Department of Science and Technology says in a statement

MANILA, Philippines – The Department of Science and Technology (DOST) on Thursday, October 12, confirmed a “data leak incident” involving the OneExpert website, a nationwide registry of Filipino science and technology experts.

The DOST said it received the report from the Philippine National Computer Emergency Response on August 31.

Based on the investigation, a “compromised account” was used to access the site.

“We would like to assure everyone that no sensitive personal information has been compromised,” DOST Western Visayas chief Rowen Gelonga said in statement on Thursday.

The data leaked from OneExpert include names of technical experts, their email addresses, as well as users’ email addresses.

This was divulged in a Facebook post on October 8, alongside sensitive information from the Philippine Statistics Authority and the Philippine National Police.

Since being notified of the breach, the DOST said they had already put up additional security measures and “the website’s normal operations were restored soon after.”

“While the list of clients or users is not readily accessible through the portal, the website’s use is diligently monitored, reported, and are made available as part of DOST official records,” said Gelonga.

Science Secretary Renato Solidum told reporters on Friday, October 13, that experts whose information were leaked were not worried “because these are not sensitive data.” 

If anything, the leak provided “free advertisement,” said Solidum, because the portal was about publicizing the names of the experts to connect them to the public. 

“We don’t put any sensitive data there,” said Solidum. “But it was fixed right away.”

Solidum also explained that the incident was not an indication of any vulnerability in the DOST’s system because the portal is a separate online database. 

“Hindi, kasi hiwalay ‘yun eh (No, because it’s separate),” said Solidum. “It’s a system that’s separated from our own system.”

The DOST confirmed the breach comes after what the National Privacy Commission had called a “staggering” leak of confidential information of members and employees of the Philippine Health Insurance Corporation. – Rappler.com

Add a comment

Sort by

There are no comments yet. Add your comment to start the conversation.

Summarize this article with AI
Download the Rappler App!
Face, Happy, Head

author

Iya Gozum

Iya Gozum covers the environment, agriculture, and science beats for Rappler.