Just when most governments have come up with sterner regulations concerning data protection and privacy, we have our own government that leaves their own system vulnerable. It’s as if ours simply doesn’t care about its citizens even if it’s the one responsible for doxing us.
Apparently, the contractor tapped to process Philippine passport data has locked out the foreign affairs department from accessing passport applicants’ data and may have run away with the information. New applicants are now required to re-submit documents such as birth certificates since the government needs to rebuild its database from scratch.
Too much politicking, not much protection
In classic Philippine politics, officials are busy pointing fingers and assigning blame to everyone else but themselves. For updates on the issue, you can follow this page from the Philippine Star. At this point, all the political hoopla doesn’t really interest me anymore. Given the political climate, one could only expect that officials would play the blame game until the issue finally dies down.
As citizens, however, this issue should cause us much worry. Records containing personal identifiable and financial information can fetch a pretty penny in the black market.
Malicious actors could do all sorts of things with such data. Leaked birth certificate information exposes citizens to identity theft and fraud. There are still a number of financial institutions that still use “mother’s maiden name” as a routine security question to verify a client’s identity. Marketers and influencers could use such data to launch targeted campaigns to sway us to act in their favor whether it’s buying a product or subscribing to a particular idea.
If the latter doesn’t scare you, just think of the Facebook-Cambridge Analytica scandal where personal data was used to undermine democratic processes including ours.
This isn’t the first time a government system containing citizens’ data was massively breached. Back in 2016, election data was stolen by hackers and dumped on the internet. It also contained personal identifiable data. Others were even able to get copies of the dump through torrents. What was troubling was that the breach wasn’t even that complicated to pull off it appeared. The system was just poorly secured.
Since the 2016 breach, there seems very little in terms of a concerted effort by the government to secure its systems and data. Each department and office still goes by its own systems and vendors and it’s still common to see government websites and services not using secure sites and connections and using outdated stacks.
Heads must roll
Our Data Privacy Act has provisions for fines and jail time but given the breadth of data compromised, I just feel that it wouldn’t be enough to serve justice for everyone affected. How this passport data issue is handle should reveal how much the government really cares about its citizens. People have to be held accountable. Heads must roll. Culprits must be put to jail.
Cybersecurity expert Brian Krebs best put it. Accept the realities that your personal data is already stolen. This way, you could just focus on being vigilant and keeping your accounts secure.