Data breach reported affecting Philippines eGovPH government digital services platform
Learn More
A significant potential data breach has been reported affecting eGovPH, the Philippines' government digital services platform. On November 8, 2024, a threat actor operating under the alias "GR3GG3M3RC3R" claims to have successfully breached the platform's security systems through a zero-day vulnerability exploitation.
The hacker is claiming to have achieved root access, and apparently compromised
- Know Your Customer (KYC) information
- Official identification documents
- Additional personal data (specific details not disclosed)
The threat actor claims to have breached 200,000 user records and is offering the stolen data for sale on dark web forums for $100,000 in Bitcoin. They have indicated willingness to provide data samples to potential buyers via email and announced plans to publish details about the vulnerability discovery process.
This isn't the first security incident involving eGovPH. Earlier in 2024, there was an attempted hack of their promotional website, though the Department of Information and Communications Technology (DICT) stated no sensitive data was compromised in that incident.
The legitimacy of these claims is still under investigation. Neither eGovPH nor DICT has officially confirmed the breach at this time. The situation remains a developing story with ongoing verification efforts.
Update - as of 15th of November 2024, the Department of Information and Communications Technology (DICT) on denied that there was a data breach on the government’s one-stop mobile application.
