21 February 2024
A recent discovery by cybersecurity researcher Mr. Jeremiah Fowler, working with cyber-security firm vpnMentor, has unveiled a significant vulnerability within the Philippine education ministry’s systems. The breach, disclosed on February 20, 2024, has raised concerns regarding the security of sensitive data belonging to over 210,000 individuals.
Fowler’s investigation revealed a critical gap in the security infrastructure of an online platform utilised by senior high school students for government voucher applications, leaving it susceptible to unauthorised access. The compromised system, stored in the cloud, contained a staggering 154 gigabytes of crucial documents, including tax filings, consent forms, government certifications, and employment and death certificates.
Of particular concern were the exposed tax records, which contained detailed personal information such as full names, home addresses, phone numbers, employer details, and tax identification numbers. Additionally, the online application forms stored sensitive data like full names, birthdays, genders, addresses, contact information, parents’ income sources, properties owned, and even photographs of the applicants.
This incident marks the second breach of the education ministry’s database in 2024. Earlier, on February 14, the Deep Web Konek cyber-security community disclosed a separate data breach involving 750 gigabytes of banking and personal records of students and teachers under the ministry’s regional office in Manila.
In response to Fowler’s findings, speaking to The Straits Times, the Philippines’ National Privacy Commission confirmed being informed of the breach in January. They assured the vulnerability has since been patched. Despite this assurance, the incident underscores the pressing need for enhanced cybersecurity measures within the Philippine education system.
This breach highlights broader cybersecurity challenges facing the Philippines and the Southeast Asian region as a whole. Recent rankings have positioned the Philippines as the second most vulnerable country to cyber threats in the region, trailing only behind Indonesia. As the region moves towards the digitalisation of multiple aspects of government services, including education systems, greater protection and policy looks necessary.
