Philippine Maritime Industry Authority reports cyberattack, data breach

On June 16, 2024, the Maritime Industry Authority (MARINA) of the Philippines reported a cyberattack orchestrated by the hacker known as "ph1ns." The announcement of the breach was made on Breach Forums, a platform often used to publicize and sell stolen data.

Ph1ns claims that approximately 20 gigabytes of data were exfiltrated using an Unrestricted File Upload vulnerability. The hacker compared the ease of this attack to previous breaches of other Philippine government agencies, indicating that it was simpler than the attack on the Department of Science and Technology (DOST) due to less stringent network separation.

The attack exposed sensitive data belonging to ship owners and Filipino seafarers. Despite MARINA's assurances that no stakeholder data was compromised, the hacker claims that personal information was taken, including:

• Names
• Addresses
• Contact details
• Financial records

The breach affected primarily employees, with the number of individuals impacted estimated to be between a few dozen and a few hundred. The exact number is not disclosed.