News recently broke out of a data breach involving the personal information of Philippine passport holders. Department of Foreign Affairs Secretary Teddy Boy Locsin admitted (on Twitter of all places) that a former foreign contractor working for the government agency ran off with data, allegedly out of spite, after the former’s contract was terminated by the latter.
Locsin also admitted in the same tweet that the DFA “did nothing about it or couldn’t because (they) were in the wrong”, and that the department will make sure this incident never happens again.
First off, I am genuinely surprised this issue hasn’t enraged a lot of people. It seems that the general public’s interest is lukewarm in an incident that could have dire implications.
It’s already 2019, and given the fact that majority of Filipinos have embraced the digital age, it’s mind-boggling that a data breach of this kind doesn’t, to the very least, make people feel nervous about where it might lead.
The contractor that ran off with the data has in their hands the personal information of thousands (millions?) of Filipinos that they could use in any way they want.
It could be as “harmless” as selling your data to marketing agencies that then bombard your online personas with annoying targeted product placement and ads. (Okay, this mostly happens with data gathered from your online activity, but you never know! They could find creative ways of using actual personal information for this purpose.)
It could also be as sinister as selling the same data to nefarious entities with then intent of using ~you~ in their misdeeds: blackmail, extortion, identity theft, you name it.
I can understand if people would just brush this off as paranoid thoughts, but make no mistake about it. Incidents of blackmail, extortion, identity theft and other similar actions have happened thanks to data breach.
Remember back in September 2018 when Facebook admitted that it had a data breach because of a hack and Filipinos were among those affected? That sure caused a lot of rage among users, and some politicians even called out Mark Zuckerberg and friends to beef up their security measures.
It was “just” a social media website breach but the backlash was intense. This is because, no matter how irrelevant social networking is in the bigger picture, Facebook is undoubtedly a part of modern Filipino life. I was hoping to see the same anger directed towards the DFA for allowing the passport data breach to happen, since, oh I don’t know, this is a much bigger issue.
And instead of telling us how they plan to remedy this situation and prevent it from happening again, Locsin simply tweeted about how this incident was allowed to happen because of the “Yellows”. Because, yes, this is an appropriate time to bring up partisan politics. Also, the fact that the dude makes official comments on the matter on a microblogging site kind of downplays the gravity of the situation, no?
I want to know why the DFA terminated the contractor in the first place. Did they do something wrong, or were the contractor’s services not up to par with the department’s standards. Also, Locsin said they were the “most respectable company… French even“, so how could the most respectable French company be petty enough to do what it did and totally disregarding the potential harmful effects of its action to Filipino citizens?
Should they not be held accountable for their misdeed? Of course they should be, but I have a hard time finding anything on the internet regarding any course of action by the government to hold said respectable French company accountable.
On a related note, this incident makes me think of the government’s planned unified ID system. Detractors of the plan point out that a unified ID (which contains basic personal information i.e. name, address, birth date, etc. ), could put people at risk in the event of a data breach (and, y’know, in instances where you just lose the wallet that contains your ID — a very common thing that happens to the best of us).
This passport data breach backs up those detractors’ points, and no amount of reassurance from the government could fully allay fears that it could happen again with the unified ID system.
Hopefully the government spares no expense in ensuring a similar incident never happens again in the future.
Honestly, I don’t know what I’d do if I were the ones whose personal info got stolen. Maybe just pray mine doesn’t fall into the wrong hands?
patrickkennan.com 