MANILA, Philippines – The National Privacy Commission (NPC) on Friday, October 13 announced the launch of its “Na-leak ba ang PhilHealth Data ko” described by the agency as a “a simplified database search portal designed to help individuals verify the  status of their personal information” in light of the recent PhilHealth breach. 

The tool can be accessed via philhealthleak.privacy.gov.ph, and requires a user’s PhilHealth Identification Number.

The database for the portal is a work-in-progress, with records to be updated as the NPC continues to analyze the 734GB of stolen data. As of its launch, the portal’s “initial batch of data pertains to individuals aged 60 years and above, containing an estimated 1 million records out of 8.5 million senior citizens.” 

The initial 1 million records are “identified from a vulnerable group (Senior Citizens) confirmed to be part of the leaked database,” a message from the portal states. Below is a screenshot of the tool:

The portal will be “regularly updated” as analysis continues “to provide the most up-to-date information, gradually including data from all  age groups affected by the PhilHealthLeak incident, offering a reliable resource for assessing the  security of your personal data.”

“The primary aim of this tool is to empower Filipinos, especially senior citizens, to take  proactive measures in safeguarding their data and securing themselves against potential risks  like identity theft, financial fraud, phishing attacks, extortion, blackmail, medical identity theft,  reputational damage, and invasion of privacy,” the NPC said. 

The portal only focuses on data from the PhilHealth breach, and the NPC reminded people that a negative result here doesn’t mean that your personal data wasn’t potentially leaked in a different breach. 

Given the current work-in-progress state described by the NPC, what the portal can do right now is to verify for affected individuals already in the database that they are part of the breach.

If the portal shows, however, that a user is not part of the breach, one possibility is that their records simply haven’t been seen yet in NPC’s ongoing analysis of the stolen data, and may turn out to be the opposite as the agency works towards completion, and regularly updates the database.

“While every effort has been made to compile accurate and up-to-date information, the nature of data breaches and ransomware incidents is complex and constantly evolving. The absence of your personal data in this search result does not definitively confirm that your information has not been compromised,” the NPC states on the portal. – Rappler.com