Earlier this afternoon, a massive data breach was reported, affecting a wide range of municipalities, organizations, and government bodies. The breach claimed by the group, DeathNote Hackers, was first discovered around 5:40 PM by the Deep Web Konek Team. The breach has compromised sensitive information from 31 entities, spanning local government units, national agencies, and private organizations.
Affected Entities
The affected entities include:
- Municipality of Molave
- Municipality of Mahayag
- Municipality of La Trinidad
- Municipality of Pigcawayan
- Municipality of Oroquieta
- Municipality of Sancarlos
- Municipality of Trinidad Bohol
- Malaybalay Water District
- Metro Lipa Water District
- Commission on Audit – BARMM
- Municipality of Muntinlupa City
- City Government of Tagbilaran
- Agricultural Credit Policy Council
- Integrated Chemists of the Philippines
- Research Institute for Teacher Quality
- Philippine Society of Medical Oncology
- Philippine Librarians Association, Inc.
- Innovate – Department of Trade and Industry
- Bangsamoro Autonomous Region in Muslim Mindanao
- Provincial Assessor’s Office – Occidental Mindoro
- Mimaropa – Department of the Interior and Local Government
- Philippine Development Plan Archives – National Economic and Development Authority
- Commission on Higher Education
- Bureau of Customs
- Bataan Vaccine System
- Department of the Interior and Local Government
- Department of Environment and Natural Resources
- Mines and Geosciences Bureau
- Department of Science and Technology
- Sanvicente Palawan Government System
- Automobile Association of the Philippines
Scope and Impact
The breach has resulted in the leak of approximately 93GB of data. Initial investigations have revealed extensive details, particularly sensitive information from the Bureau of Customs and the Automobile Association of the Philippines (AAP). The compromised data includes user IDs, email addresses, personal identifiers, and detailed records related to customs operations and member information from AAP and parcel tracking system of Bureau of Customs. This was not the first time the said agency was breached as last April, they got attacked by the same threat actors.
Breakdown of Data Leaks by Agency
The data compromised in the breach is distributed as follows:
- Commission on Higher Education (CHED): 75 GB
- Department of Environment and Natural Resources – Forest Management Bureau (DENR-FMB): 649.8 MB
- Automobile Association Philippines: 5.81 GB
- San Vicente, Palawan LGU: 3.80 GB
- Department of the Interior and Local Government (DILG): 1.6 MB
- Mines and Geosciences Bureau: 608 KB
- Bataan Vaccine System: 490.1 MB
- Bureau of Customs Parcel and Balikbayan Box Tracking System: 433.6 MB
- Department of Science and Technology – Philippine Nuclear Research Institute (DOST-PNRI): 2.29 GB
- Multi Government Scraping: 4.58 GB
Hacker’s Motivation and Background
According to their Facebook post at 6PM, on May 16, around 7 PM, the DeathNote Hackers PH were engaged in various activities when they received reports that their page had been unpublished by Meta. The group quickly investigated and discovered that law enforcement, influenced by a government agency, was responsible for this action. This was perceived as an attack on their operations, leading them to retaliate with a large-scale breach.
The DeathNote Hackers have a history of targeting government and educational institutions, focusing on entities they believe deserve scrutiny. They emphasize that their breaches are high-profile and aim to expose corruption and negligence. This particular breach was driven by their determination to protest against perceived governmental overreach and to highlight systemic issues.
Government and Organizational Response
The affected entities should start immediate coordination with cybersecurity experts to mitigate the impact and prevent further breaches. The National Privacy Commission (NPC) should be notified and is expected to launch a comprehensive investigation into the breach.
This data breach highlights the growing threat of cyberattacks and the critical need for robust cybersecurity measures across all sectors. As investigations continue, affected entities are expected to provide updates and support to those whose information may have been compromised. The DeathNote Hackers have signaled their intent to continue their activities, underscoring the ongoing challenge of securing sensitive information in an increasingly digital world.