
PSA notifies NPC of data breach, says limited to community-based monitoring system

Gelo Gonzales

The Philippine Statistics Authority is 'assessing what personal data from the CBMS may have been compromised and will share information with the relevant authorities and the public in due course'

MANILA, Philippines – The Philippine Statistics Authority (PSA) has submitted a breach notification to privacy watchdog National Privacy Commission, the NPC said on Wednesday, October 11.

The breach notification was made at 6:00 pm on Tuesday, October 10.

The PSA also issued a statement explaining its actions after various posts appeared online beginning Saturday, alleging a breach at the agency. The unconfirmed posts showed blurred photos of IDs, and large amounts of data purportedly coming from a breached PSA database.

The PSA said it immediately coordinated with the NPC, the National Computer Emergency Response Team-Philippines (NCERT-PH) of the Department of Information and Communications Technology (DICT), and the Anti-Cybercrime Group of the Philippine National Police (PNP).

The agency said, “From the initial assessment, the system allegedly affected is limited to the Community-Based Monitoring System (CBMS). The PSA is assessing what personal data from the CBMS may have been compromised and will share information with the relevant authorities and the public in due course.”

The PSA also said that as part of its “preventive and containment measures,” it has shut down and isolated the system known to have been affected. It assured that such other systems as the Philippine Identification System (PhilSys) and the Civil Registration System (CRS) have not been affected.

NPC rules on breach notification

The NPC enforces rules on mandatory breach notification. Data holders are required to notify the NPC of a possible breach within 72 hours of having enough knowledge or reasonable belief that a breach has occurred.

A data breach falls under mandatory breach notification to the NPC when it fulfills all of these elements:

  • There is sensitive personal information involved that can be used for identity fraud
  • The data was believed to have been stolen by an unauthorized entity
  • The breach is likely to open up data subjects to real risks of serious harm

Risk reduction benefits from reporting, the involvement of more than 100 data subjects, and effects on national security, public safety, public order, or public health are other factors also considered in determining whether a breach falls under mandatory reporting.

The PSA breach notification occurred as the Philippine Health Insurance Corporation finds itself in a “staggering” data breach that likely affects “millions” of members. – Rappler.com


author

Gelo Gonzales

Gelo Gonzales is Rappler’s technology editor. He covers consumer electronics, social media, emerging tech, and video games.