Supreme Court of the Philippines in PAdre Faura on June 19, 2018. Photo by LeAnne Jazul/Rappler
in

UK Security Company Discloses Security Lapse That Caused Exposure of Thousands of Sensitive Documents in The Philippines

If cyber security has not previously been a topic that some were familiar with, the recent uptick in major entities being revealed to have been the victims of a breach should make most people sit up and take notice.

TurgenSec became aware of a publicly accessible data store which belonged to The Solicitor General of the Philippines. The breach appeared to contain over 300,000 files and documents.

TurgenSec emailed The Solicitor General of the Philippines and the Philippines Government on the 1st of March, and the 24th March. These emails went unanswered, the breach was closed by the 28th of April, presumably using information provided by TurgenSec. 

This breach was accessed and downloaded by an unknown third party that is not TurgenSec. 

TurgenSec Disclosure Notice

In this most recent case, there was no response taken to resolve said breach, and the Solicitor General of the Philippines and the Philippines Government never responded to TurgenSec when they revealed the breach to them.

Screenshot of Extent of Breach from TurgenSec statement

The UK is on the Cutting Edge

The example of the Philippines Government breach is sadly a common one when improper, or aging security models are in place to try to prevent cyberattacks. Companies like TurgenSec offer cutting edge technology to businesses in the UK to prevent and contain data breaches. When companies, and even governments, turn a blind eye to the possibility for a cyberattack, this is often the end result.

The lack of updated or properly managed cybersecurity protection that led to this large breach in the Philippines could have been prevented if the kind of technologies that are available in the UK had been in place. 

The Trouble With Lax Cybersecurity

Cybersecurity is a complex and evolving part of a well-run company’s daily activities. The kinds of cyber threats that company data can be exposed to change and morph over time. It is not enough to drop a few small attempts at security in place and hope for the best!

In the case of the Philippines data breach, there were more than 345,000 documents that were exposed to access by anyone with an internet browser. Due to the nature of the legal cases seen by the Supreme Court, some of these documents were military, terrorism, and intelligence based. Victims of crimes were exposed, along with their personal information such as their address and phone number.

A spokesperson for TurgenSec has stated, “This [breach] caught our eye because it seems that it might have broader ramifications”. This assessment is made clearer when one becomes aware that a whistleblower had to reveal the possibility of a breach because the Philippines government had either not noticed, or was not worried about the breach.

Armed with the belief that the Philippines government would want to hurry to contain the breach, TurgenSec reached out to the Solicitor General’s office repeatedly. There was never any response to this outreach. 

Technology is Paramount to Cybersecurity Success

The sad tale of the data breach of the Solicitor General’s Office in the Philippines is all too common. Excessive trust in outmoded or unsupported tech is a large factor in major data breaches around the world. Cutting edge, current, and relevant technology is required to keep sensitive data safe, secure, and out of hacker’s hands. 

Without the efforts of entities like TurgenSec, many important data breaches would go undiscovered every year. The UK stands at the forefront of the technology revolution that is leading to new cybersecurity tools each and every day, but much of the world is lagging behind, and often with disastrous results.

ILC to launch international competition seeking innovations responding to an ageing workforce

Why reform and separation is needed in the audit and professional services industries