The database of the Unified Student Financial Assistance System for Tertiary Education has been hacked, Sen. Sherwin Gatchalian, chairman of the Senate Economic Affairs Committee, revealed yesterday.
Gatchalian urged government agencies to immediately report to the National Privacy Commission any unauthorized access to database containing personal information that they have.
The data breach committed last March exposed the personal data of more than one million Tertiary Education Subsidy applicants, Gatchalian said.
He said the TES database containing the private data of 1,130,899 applicants – including their student identification number, full name, birth date, father’s and mother’s names, and address – was accessed by unknown intruders on March 16.
Gatchalian said that according to an official document that his office received, the hacker accessed and deleted the TES database and left a “Ransomware,’’ a type of malicious software that threatens to publish the victim’s data unless a ransom is paid.
The breach happened mid-March but the Secretariat was only able to report the breach to the NPC mid-April.
“Sana nireport nila ng mas maaga dahil responsibilidad nilang gawin ‘yon,” he said.
Section 20 (f) of Republic Act No. 10173 or the Data Privacy Act of 2012 states that “The personal information controller shall promptly notify the (NPC) and affected data subjects when sensitive personal information or other information that may, under the circumstances, be used to enable identity fraud are reasonably believed to have been acquired by an unauthorized person, and the personal information controller or the Commission believes that such unauthorized acquisition is likely to give rise to a real risk of serious harm to any affected data subject.”
Gatchalian urged the UNIFAST Secretariat to be more vigilant in securing and storing personal data of students as he noted the string of hacks on government websites in the previous weeks. (Mario Casayuran)