Best Posts in Thread: Massive ph data breach (COMLEC website)

If I were a Filipino I would be asking for a bit more information on exactly what was and wasn't encrypted. The potential damage that could be caused by this security breach could be massive. The fact that there is ANYONE out there that would choose to not encrypt sensitive data after ALL the major data breaches that have occurred in the past couple years is absolutely amazing. (This sh*t should be taken seriously, especially at the level COMLEC is operating on. They should know they are going to be a prime target. This kind of stuff is exactly why I make sure the forum's servers are secure/updated, user data encrypted and front-end software is updated. Note: I'm not saying that this site could never be hacked, it's certainly not "hack proof", but it has been secured to the best of my ability.....which appears to be higher than those running COMLEC.)

 

Remember when OPM got breached last year? There was a lot of excitement in various parts of the world (namely the US) because here we had a government department (Office of Personnel Management), and they’d just lost 21.5 million records! These records included such sensitive data as names, dates of birth and addresses and by any reasonable measure, it was serious – that’s almost 7% of the country’s population!

Yet somehow, last week’s news that 55 million Filipino voters’ data was now out in the wild went largely unnoticed. Let’s put it down to a very western-centric tech media but move past that and look at this incident for what it is – a ginormous data breach with extremely sensitive information and at 55M individuals, that’s also more than half the country’s population.

Whilst there’s been limited press coverage on the issue, a public statement from the Filipino government has suggested that nothing sensitive was disclosed. As I discovered when I reached out to some of the people involved, this is blatantly wrong. Here’s how it all unfolded. When a nation is hacked: Understanding the ginormous Philippines data breach

 

I don't think so.

TDE. But if the data is presented to the public, as 99 percent of forum user data is, there is no need to encrypt it.

 

Nope nor would I the way they run their websites here! Probably the worst anywhere.

 

A massive data breach seems to have left 55 million Philippine voters at much greater risk of identity fraud and more.

Security researchers warn that the entire database of the Philippines’ Commission on Elections (COMELEC) has been exposed in what appears to be the biggest government related data breach in history. The COMELEC website was compromised and defaced on 27 March by Anonymous Philippines before a second hacker group, LulzSec Pilipinas posted COMELEC’s entire database online days later.

All sorts of sensitive information – including passport information and fingerprint data – appears to have been included in the data dump. Some of the data was encrypted but there were some fields that were left wide open, according to a investigation by Trend Micro.

Based on our investigation, the data dumps include 1.3 million records of overseas Filipino voters, which included passport numbers and expiry dates. What is alarming is that this crucial data is just in plain text and accessible for everyone. Interestingly, we also found a whopping 15.8 million record of fingerprints and list of peoples running for office since the 2010 elections.
The data spill comes weeks before upcoming national elections in the Philippines, scheduled for 9 May. Anonymous Philippines warned COMELEC that it ought to harden the security of its vote-counting machines at the time the hacktivists defaced its website. Megabreach: 55 MILLION voters' details leaked in Philippines • The Register