Romeena Minor

If consistency had been a competition, the Philippines definitely would have reigned triumphantly—consistent in failing to secure both tangible and intangible properties, that is. 


Issues concerning national security in terms of territory, such as the West Philippine Sea dispute, are already well spoken of; cybersecurity, however, is very seldomly brought up when, in actuality, it matters just as much as the other affairs in the country. Unfortunately, being no different from the other concerns, cybersecurity is neglected and overlooked just as much. 

Financial, software, data, and media company Bloomberg released a report on January 7 stating that Chinese state-sponsored hackers are behind the infiltration of the computer systems of the executive branch of the Philippine government, with what Department of Information and Communications Technology (DICT) undersecretary for cybersecurity Jeffrey Ian Dy claims to be persistent and consistent with advanced persistent threat groups (ATPs). Furthermore, the three individuals Bloomberg cited to be knowledgeable of the case added that the data stolen in the infiltration included military documents, including some related to the Philippines’ territorial dispute in the South China Sea. Alarming, negligent, and incompetent. 

Other than this, it may be recalled that another case of massive data breaching took place in April of 2023, where the Philippine National Police (PNP) was the primary victim, causing a total of 817.54 gigabytes worth of data to be stolen. Some of the breached information includes legal documentation such as birth and marriage certificates, fingerprint scans, tax filing records, and even passport copies. Highly confidential data were left unprotected and now led to the respective victims’ insecurity—pathetic and enraging.

Moreover, in September of 2022, the Philippine Health Insurance Corp. (PhilHealth) suffered a large-scale data breach, causing the leak of 743 gigabytes worth of data, those of which belong to the 13 million members and approximately 800 employees of the said company. The act was performed as ransomware, with perpetrators demanding $300,000 or approximately P17 million. PhilHealth, however, denied the order, resulting in the leakage of extracted data on the infamous Dark Web. So much for health insurance.

Had I not done ample research, I would have thought these hackers were some sort of next-level tech savvies to have been able to breach the security of such high-end bureaucracies. However, I later found out that such events were made possible not solely by the proficiency of the perpetrators but also by major shortcomings from the affected groups. 

GMA’s 24Oras news program reported that PhilHealth themselves admitted not having an antivirus software installed within their database during the time the breach took place, allegedly due to the company’s new procurement rules. Meanwhile, the PNP data breach, as said in a report authored by cybersecurity researcher Jeremiah Fowler, was discovered to be caused by having the government documents stored at an unsecured and non-password-protected location, making such sensitive information vulnerable to cyberattacks or ransomware. 

How is it not stressed enough that data breaches involving sensitive information of the people are not subjects to take lightly? One person’s leaked data could lead to greater problems in the long run—their identities stolen, their credit cards susceptible to unauthorized purchases, their bank accounts used for money laundering, and so much more. Infuriating is a mere understatement in describing these incidents, especially knowing the fact that such occurrences happened due to the sheer incompetence of the officials responsible behind cybersecurity systems in the aforementioned agencies. They may voice out whatever reason they have behind their errors; however, all will probably sound utterly and poorly made up. They may claim that the breaches transpired because of this and that, while all I will hear is that they are openly admitting their negligence in the matter. 

Although these instances are not new to Philippine cybersecurity, due to numerous large-scale data breaches in our history, including the 2016 Commission on Elections hacking incident, which was the biggest and worst data breach in our country to date, it all the more evokes resentment and rage for classic Filipinos as we just never learn. Even after years of technological evolution and exposure to its threats, these agencies still fail to make advancements in their cybersecurity measures; they still refuse to take the extra mile to ensure that unwanted circumstances in history will not repeat; they are, I should say, complacent and careless. 

A vast population of internet users with scarce knowledge of cybersecurity awareness, as well as the generally underdeveloped cybersecurity infrastructures, are among the numerous factors contributing to the Philippines’ susceptibility to widespread data breaches. Not to mention the lax performance of certain national agencies, including the DICT with their duty to ensure cyber safety among digital platforms in the country. 

Perhaps setting up a lone office of experts in each national agency that specializes in monitoring and protecting data entries, as well as installing database software that keeps track of patterns and carefully watches any irregularities within the system, are some great ways to prove that the major events threatening the country’s cybersecurity are lessons to them and not merely stories to look back to from time to time. 

It is high time for Filipinos to start taking cybersecurity to a more serious degree. Greater efforts need to be exerted, and better mechanisms need to be developed; otherwise, let us all simply refrain from digitizing. If we are unable to pay the price of convenience, which is caution, then better remain traditional for all our days. Forcing digitization at a time and place misfit for it will only be a greater curse we will all bestow upon ourselves; please, let us all spare one another from carrying a burden heavier than what we already have.