Philippine Police leaked over 1.6 million confidential documents
A major data leak in the Philippine National Police has jeopardized the safety and security of its officers. A misconfiguration of police systems to blame.
The Cybernews research team has discovered that the Philippine National Police (PNP) leaked a tremendous amount of sensitive data, including photos of passports and national IDs, due to the misconfiguration of their systems. The storage bucket owned by PNP was freely accessible to anyone, with no authentication required.
In total, more than 1.6 million files were leaked, including personal documents passports and national IDs, marriage and death certificates, and PNP cards of retired members that exposed a treasure trove of personally identifiable information (PII).
Among the files, there were also selfies of applicants holding their IDs, a procedure frequently requested by online services for identity verification. Most likely, the leaked documents were submitted to the department by former PNP members who are applying for retirement benefits and state pensions.
Leaked data causes huge concern, as it not only reveals the identities of the officers but also is a gold mine for fraudsters that could exploit the victims in various fraud schemes.
The combination of selfies with ID documents poses a significant threat, as it grants cybercriminals the means to impersonate victims and provide seemingly legitimate proof of identity.
With access to these images and ID information, malicious actors can exploit victims' identities and engage in fraudulent activities such as applying for loans, credit cards, and other financial services.
After being informed, the PNP secured access to the storage bucket and sensitive data.
Your email address will not be published. Required fields are marked