Cybersecurity researcher Jeremiah Fowler has revealed the existence of a non-password-protected database containing over 1.2 million records. Fowler further discovered that the database was associated with individuals who either applied to work or were employed in the law enforcement sector in the Republic of the Philippines.
These Applicant Records and Employee Records contained highly sensitive personally identifiable information (PII) such as passports, birth and marriage certificates, driver’s licenses, academic transcripts, security clearance documents, and many more.
The database appeared to contain a selection of records pertaining to the academic and/or personal history of each Applicant or Employee. Samples of records include copies of fingerprint scans, signatures, and required documents from multiple Philippine state agencies including the Philippine National Police, National Bureau of Investigation (NBI), Bureau of Internal Revenue, Special Action Force Operations Management Division, and Civil Service Commission, amongst others.
The database also contained character recommendations, in the form of letters from courts and municipal mayor’s offices certifying that those individuals applying to work in law enforcement possessed a good moral character and had no prior criminal records.
Based on the limited samples of records Fowler viewed, the database also appeared to contain documents relating to internal directives addressing law enforcement officers, which may or may not be confidential.
What the database contained
- Total size: 817.54 GB
- Total number of records exposed: 1,279,437
- Employee and Applicant Identification Records: Scanned and photographed images of original documents that included: birth certificates, educational record transcripts, diplomas, tax filing records, passports,s and police identification cards. Included in the files were combined records certifying that there are no pending cases or criminal history for the officer. These included the Republic of the Philippines justice department’s certification, local or regional court records, and the National Bureau of Investigation (NBI) identification and clearance documents.
Any data breach that exposes personal information belonging to police and members of law enforcement or other officials can be dangerous. Individuals whose data is exposed could be potential victims of identity theft, phishing attacks, and a range of other malicious activities. The exposed records could also potentially allow criminals to target members of law enforcement for blackmail or other schemes.
Source: VPNMentor
