DATA
BREACHES
�DATA BREACHES
• Data breaches or data leaks can be far more
than a temporary terror — they may change
the course of your life. Businesses,
governments, and individuals alike can
experience huge complications from having
sensitive information exposed. Whether you
are offline or online, hackers can get to you
through the internet, Bluetooth, text
messages, or the online services that you use.
�DATA BREACHES
• Cybersecurity threats have risen in the Philippines in
recent years, posing significant challenges to
businesses, government organizations, and individuals.
• In fact, the first half of 2023 alone saw a 152% increase
in cybercrime incidents in Metro Manila compared to
the same period in 2022. The booming digital
landscape makes it a fertile ground for opportunists,
emphasizing the importance of understanding how
data breaches affect your organization's cybersecurity
moving forward.
� 5 BIGGEST DATA BREACHES IN THE
PHILIPPINES
three (3) types of
The top
cyber attacks in the
Philippines are:
i. Malware attacks (29%)
[Link] (21%)
[Link] attacks (13%)
� 5 BIGGEST DATA BREACHES IN THE
PHILIPPINES
1. COMELEC DATA BREACH
2. WENDY’S PHILIPPINES
3. CEBUANA LHUILLIER MARKETING
SERVER BREACH
4. UCPB INDEPENDENCE DAY CYBER
ATTACK
5. PHILHEALTH MEDUSA ATTACK
� COMELEC DATA BREACH (2016)
1. A month before the 2016 national elections,
the Commission on Elections (Comelec) suffered a l
arge-scale attack
many consider the most significant government-
related data breach. It involved hackers accessing
and compromising data from roughly 70 million
people—more than half of the country's
population—including:
� COMELEC DATA BREACH (2016)
A. Fingerprint data The hacker group
B. Passport information Anonymous Philippines
C. Email addresses claimed responsibility for
D. Postal addresses the attack, which
E. Birthplace amounted to a data dump
F. Height and weight of 340 GB. For its part,
G. Gender Comelec continues to beef
H. Marital status up the security of its
I. Parents' names website and database.
� WENDY’S PHILIPPINES (2017)
• On April 23, 2017,
hackers infiltrated the fast food chain Wendy's Philippines' website,
exposing over 82,000 customer and employee records, including
names, email addresses, postal addresses, and resumes. In
response, the National Privacy Commission (NPC) obliged the
company to notify those affected.
• Upon further investigation, the NPC also found the attackers had
compromised account passwords, transaction details, and modes of
payment. The Commission required Wendy's Philippines to
perform a cybersecurity assessment to identify vulnerabilities and
prevent further incidents.
� CEBUANA LHUILLIER MARKETING
SERVER BRANCH (2019)
• Pawnshop and remittance company Cebuana
Lhuillier became a data breach victim in January 2019. The
incident occurred when hackers infiltrated one of Cebuana's
email servers for its marketing activities, compromising the
data of roughly 900,000 clients, which is
3% of its total clientele. The company also traced
unauthorized downloads dating back to August 2018.
� CEBUANA LHUILLIER MARKETING
SERVER BRANCH (2019)
• In its official statement, Cebuana Lhuillier revealed that the
data dump included customer birthdays, addresses, and
sources of income. Fortunately, financial transaction details
were safe from the attack. The company collaborated with
the NPC to perform an internal investigation and improve its
cybersecurity following the incident.
� UCPB INDEPENDENCE DAY CYBER
ATTACK (2020)
• The government-controlled
United Coconut Planters Bank (UCPB) lost millions of pesos
through numerous online transfers and automated teller
machine (ATM) withdrawals during the three-day holiday in
June 2020. In one case, the culprits made 57 withdrawals
from a single ATM, taking out its entire ₱4 million stock. The
total losses amounted to ₱167 million.
• A bank official reported that the hackers held UCPB accounts,
which they used with other local banks to transfer and
withdraw the money. Based on theories, the culprits might
have had inside help and could be a part of a larger
syndicate operating in the local banking system.
� PHILHEALTH MEDUSA ATTACK (2023)
• The hacker group, which the government
calls Medusa, accessed the data on
September 22 after restricting PhilHealth
staff from accessing their system. The
insurance corporation shut it to prevent
further damage, but the hackers had already
secured 734 GB of files. PhilHealth has 59
million direct and indirect contributions.
� I LOVE YOU VIRUS
The Love Bug pandemic began on 4 May, 2000.
• Victims received an email attachment entitled LOVE-LETTER-FOR-
YOU. It contained malicious code that would overwrite files, steal
passwords, and automatically send copies of itself to all contacts in
the victim's Microsoft Outlook address book.
• Within 24 hours, it was causing major problems across the globe,
reportedly infecting 45 million machines. It also overwhelmed
organizations' email systems, and some IT managers disconnected
parts of their infrastructure to prevent infection.
• This led to estimates of damage and disruption running into billions
of pounds.
• In the UK, Parliament shut down its email network for several hours
to protect itself, and even the Pentagon was reportedly affected.
� • The previous year, the Melissa bug is believed
to have infected a million machines using
I LOVE YOU similar tactics. However, Love Bug dwarfed
previous outbreaks and exposed how
VIRUS vulnerable the world's increasing internet
connectivity was to attack.
• Investigators traced the virus to an email
address registered to an apartment in Manila,
capital of the Philippines.
• The occupant's brother was Onel de Guzman, a
computer science student at the city's AMA
Computer College. He was a member of an
underground hacking group called
Grammersoft and quickly became the lead
suspect in a police investigation.
