A threat actor claims to have breached the eGov PH platform, the national government’s central digital services application managed by the Department of Information and Communications Technology (DICT). The actor stated the cyberattack was a politically motivated “statement” against corruption, achieved by exploiting a vulnerable API to access the platform’s backend systems.
According to the actor, the attack resulted in the exfiltration of a database containing sensitive information from over 30,000 citizen complainants. The compromised data reportedly includes full names, geographic location data such as municipality and barangay, latitude and longitude, report subjects, and the full text of user-submitted complaint messages.
