BOC systems suffer cyber attack, affects thousands of stakeholders

  • The Bureau of Customs systems fell victim to a cyber attack on April 7
  • The hack compromised sensitive data, exposing personal details of more than 2,200 employees and about 80,000 public and private customers, according to tech watchdog Deep Web Konek
  • Importation documents were also affected, involving “extensive documentation related to importation processes, including PDFs, CSV files, and gate pass records containing information about importers, exporters, and cargo shipments”

The Bureau of Customs systems fell victim to a cyberattack over the weekend.

The breach of data security occurred on April 7 and was “orchestrated by a hacking group identifying themselves as DeathNote Hackers PH, Philippine Hacking University and Excommunicado,” according to tech watchdog Deep Web Konek in a post on the X platform (formerly Twitter).

The BOC confirmed the attack in a statement on April 9, saying “some of the agency’s external cloud based online applications were breached using compromised user login credentials.”

The agency advised stakeholders to change their login passwords and to report suspicious activity on their accounts.

The cyber attackers were previously responsible for hacking incidents involving educational institutions AMA and STI, said Deep Web Konek, which describes its members as enthusiasts who uncover and monitor dark web activities.

The hack compromised “sensitive data repositories… exposing the personal details of over 2,200 employees and approximately 80,000 customers, both private and public,” Deep Web Konek said.

The “threat actor also dumped a staggering 4.5GB of uncompressed data on a file storage service.”

Deep Web Konek shared a link to a blog written by “Kukublan”, which said the leaked BOC data contains 24,753 files with 2,683 folders dumped.

“The breach unveiled critical system credentials, including API, MySQL, MSSQL, REPO(Azure), and brokers’ account credentials, acquired by the hackers. This unauthorized access not only undermines the integrity of the agency’s data infrastructure but also reveals systemic vulnerabilities within its cybersecurity framework,” the blog said.

The scope of compromised data includes employee data from 2019 to 2024 of over 2,200 BOC employees, encompassing names, addresses, contact numbers, email addresses, employee IDs, and employment history, the blog added.

It said the breach also involves about 4,000 lines of customer data, representing information about customers, such as names, addresses, contact information, transaction records, and payment data.

The 4,000 lines, however, collectively represent details of approximately 80,000 individual customers, as each line of data may contain multiple pieces of information about a single customer.

Importation documents were likewise affected. This involves “extensive documentation related to importation processes, including PDFs, CSV files, and gate pass records containing information about importers, exporters, and cargo shipments,” the blog said.

The cyber attack follows similar attacks on the computer system of the Department of Science and Technology, and the website of the Bureau of Jail Management and Penology.

BOC said it immediately reported the breach to the Department of Information and Communications Technology and the Cybercrime Investigation and Coordinating Center, and sought the assistance of the two agencies to investigate the incident.

BOC said it is still “determining the total number of Data Subjects involved” although upon initial investigation, the following information may be involved: name; email address; company name; contact details; and Tax Identification Number.

The bureau said it “immediately initiated security protocols to contain and address the situation by locking all compromised accounts and servers.”

It added that its IT team is working to enhance security measures and prevent future breaches.
