spot_img
27.9 C
Philippines
Saturday, October 5, 2024

OSG, DOJ probe massive breach of secret files

The Office of the Solicitor General on Monday vowed to prosecute the perpetrators behind the data breach of its files, which were subsequently leaked to the public.

“The country can rest assured that these crimes against data privacy committed upon the State and its clients shall not go unpunished and that perpetrators will be prosecuted to the fullest extent of the law,” the OSG said in a press statement.

- Advertisement -

A United Kingdom-based cybersecurity firm, TurgenSec Ltd., revealed that some 345,000 documents were accessible to anyone with a browser and internet connection until April 28, 2021.

The files include training documents, internal passwords and policies, staffing payment information, and financial processes and audits.

The office of state lawyers said it will respond appropriately to reports of data breaches and that it will make necessary measures to protect confidential documents.

Justice Secretary Menardo Guevarra on Monday stressed the Department of Justice is willing to help the OSG in its investigation considering that thousands of its cases are being litigated by the state lawyers’ office.

“I understand that the OSG is now looking into this alleged data breach. The DOJ has not received any such information through official channels but will be read to assist the OSG, if necessary,” Guevarra said, in a text message to reporters.

The DOJ chief admitted that he has yet to hear from the OSG about the matter, saying he would appreciate it if the OSG will inform the DOJ of the result of its findings.

In a statement last April 30, TurgenSec revealed that it “became aware of a publicly accessible data store which belonged to the Solicitor General of the Philippines.”

“This breach was accessed and downloaded by an unknown third party that is not TurgenSec,” the firm said.

“Anyone with a browser and internet connection could access it,” it added.

It noted that the breach appears to contain “over 300,000 files and documents.”

“This breach contained hundreds of thousands of files ranging from documents generated in the day to day running of ‘The Solicitor General of the Philippines’, to staff training documents, internal passwords and policies, staffing payment information, information on financial processes, and activities including audits, and several hundred files titled with presumably sensitive keywords such as ‘Private, Confidential, Witness and Password,’” it noted.

TurgenSec also raised concern that the breach and illegal release of the documents would undermine ongoing judicial proceedings involving the OSG.

“The OSG handles thousands of cases in the Court of Appeals and in the Supreme Court in representation of the government in general and of the DOJ in particular,” Guevarra said.

“The DOJ therefore has substantial interest in finding out the cause of this alleged data breach and any prejudice to the interest of the government that such breach, if true, may have unduly caused,” he added.

“While the OSG notes the responsible disclosure procedure of TurgenSec, the OSG must still be wary of unverified reports sent to its office and shall respond appropriately only after a proper verification has been undertaken as to the accuracy and veracity of these alleged data breaches,” OSG said.

“Finally, the OSG assures that all necessary steps have been put in place in order to protect the confidential and sensitive information contained in its submissions before the courts of justice,” it added.

LATEST NEWS

Popular Articles