By Alec Go
The Department of Science and Technology (DOST) said “no sensitive personal information has been compromised” in the recent data leak involving OneExpert, the publicly available registry portal of Filipino science and technology experts.
In a statement Thursday, DOST VI Dir. Rowen Gelonga said OneExpert’s website was restored “soon after” an investigation, with additional security measures implemented.
This was after they were notified regarding a security incident by the Philippine National Computer Emergency Response Team (CERT-PH) on August 31.
“The project team conducted an investigation and found out that a compromised account may have been used to access the site,” part of the statement read.
“Appropriate actions were implemented to address the incident, additional security measures were put in place and the website’s normal operations were restored soon after,” it added.
Gelonga’s statement came after the October 8 Facebook posting of “some data that resembled those from the site” which contained publicly listed names of technical experts, other users, and their email addresses.
“While the list of clients or users is not readily accessible through the portal, the website’s use is diligently monitored, reported, and are made available as part of DOST official records,” he said.
“The DOST takes data security and the protection of personal information very seriously. We are continuously implementing measures to strengthen the security of our information systems in the course of delivering science and technology services to the public,” he added.
On Wednesday, the Philippine Statistics Authority said the Philippine Identification System and the Civil Registration System were not affected by the alleged data breach in one of its systems.
The Department of Information and Communications Technology (DICT) said the PSA incident was not a ransomware attack.
Meanwhile, the DICT said it is assisting the ransomware-hit PhilHealth system to strengthen its cybersecurity while a thorough investigation is ongoing.
“Ang DICT, kasama ng PhilHealth, ay patuloy na nagsasagawa ng masusing imbestigasyon upang malaman ang naging saklaw, uri, at bilang ng mga data assets na na-expose sa surface at dark web,” the DICT said.
