Around 345,000 files from the solicitor-general of the Philippines, including sensitive information for ongoing legal cases, have allegedly been breached and made publicly available, UK cybersecurity firm TurgenSec has reported.
The files were publicly available since at least February, when TurgenSec said it first discovered the breach and emailed the solicitor-general and the Philippines government about the files.
Both the solicitor-general and the Philippines government allegedly did not respond to the company’s emails about the breach, which were sent on March 1 and 28.
The documents were eventually taken down on April 28, but the files have been accessed and downloaded by an unknown third party, Turgensec said.
According to the cybersecurity firm, the breach contained hundreds of thousands of files ranging from documents generated in the day-to-day running of the solicitor-general’s office, to staff training documents, internal passwords and policies, staffing payment information, information on financial processes, and activities including audits, and several hundred files titled with keywords such as “private, confidential, witness, and password”.
The breached documents also contained over 750 instances of the word rape, as well as information on sensitive topics such as child trafficking, executions, the Philippines intelligence agency, Philippines Senator Francis Pangilinan, among other information.
“This data breach is particularly alarming as it is clear that this data is of governmental sensitivity and could impact on-going prosecutions and national security,” Turgensec said.
In December last year, the solicitor-general’s website was reportedly breached by a hacker group that identified itself as “Phantom Troupe”. Four months prior to the website hack, the air-gapped networks of the Filipino government were targeted by hackers operating in the interests of the Chinese government.