(SPOT.ph) At least three government agencies have confirmed being hit by an alleged data leak or data breach in the past few weeks, with the national authorities reminding the public not to click on any malicious links to avoid further leaks.

Two of these alleged leaks or breaches were reported in October, a.k.a. Cybersecurity Month. In the Philippines, the month-long initiative is commemorated with "collective efforts in cybersecurity", events that occurred at the same time as findings on the PhilHealth ransomware attack and the Philippine Statistics Authority data breach were reported.

While the two terms are used interchangeably, there's a difference between a data leak and a data breach, and it all boils down to what (or who) started it. A data leak comes from within an organization, either by accident or by intent, while a data breach is when confidential information is accessed, stolen, or used by outsiders without authorization, usually with malicious intent like asking for ransom, according to Fortinet.

All the data leak, breach reports in government agencies so far

PhilHealth

Some members of the Philippine Health Insurance Corporation (PhilHealth) may have had their data compromised after its website was hit by the Medusa ransomware on September 22, with the hackers demanding a ransom of U.S. $300,000 (about P17 million).

The allegedly leaked members' data was reportedly found on the dark web and may include names, addresses, dates of birth, sex, phone numbers, and even PhilHealth identification numbers.

Philippine Statistics Authority

On October 11, the Philippine Statistics Authority (PSA) reported that, based on its initial assessment, a data leak was limited to its Community-Based Monitoring System (CBMS), a diagnostic tool used mainly to assess poverty from the barangay level to a national scale. It has yet to determine what personal data from CBMS may have been compromised.

It also assured the public that the government's central identification platform, the Philippine Identification System (PhilSys), and the Civil Registration System (CRS), the country's record of vital events like birth, marriage, and death, have not been affected.

"The PSA warns the public that social media posts with the alleged sample data include links that contain malware that may be used by cybercriminals and bad actors to perpetuate other illicit acts. Therefore, the public is strongly advised not to click on such links," the PSA told the public.

The DICT said the PSA data breach isn't a ransomware attack like the one on PhilHealth.

"While the DICT is conducting its analysis of the PSA's logs, the DICT urges the public not to spread posts or links that allegedly contain PSA data samples," the DICT said in a statement on October 12.

Department of Science and Technology

The Department of Science and Technology (DOST) on Friday, October 13, released a statement on a recent data leak involving its OneExpert portal, which serves as a "publicly available" registry of Filipino experts.

The security incident was first flagged on August 31 by the Philippine National Computer Emergency Response Team (CERT-PH), which found that a compromised account may have been used to access the site. While its operations were restored soon after, some data resembling data from the website was found on Facebook on October 8.

"This data contained some publicly listed names of technical experts, their email addresses, as well as users with their email addresses," the DOST said as it stressed that no sensitive personal information has been compromised.

What's next after these data breaches and data leaks?

The Philippine National Police (PNP) forensic group is another agency possibly affected by compromised data, according to Data Ethics PH founder Dominic Ligot. The National Privacy Commission (NPC), however, told CNN Philippines this is not yet confirmed.

"What's really at risk is any agency that has a platform exposed to the internet. That's something the agencies that were hit have in common," Ligot told TeleRadyo Serbisyo on October 13.

"Someone just clicked on the wrong URL or attachment, because the moment you click on something undesirable that a hacker made, he can get into your system, especially if it's connected to the Internet."

So what should happen now? There are ways to avoid other potential leaks or attacks, he said.

"It can be headed off on both fronts: educating employees not to keep clicking on just anything, and second, maybe we aren't budgeting for cybersecurity, which isn't just software, it's people too. Do you have a cybersecurity officer? And finally, maybe we really need to audit any platform or portal that has a connection to the internet; all of those are entry points for hackers."