The PNP data breach has affected the Firearms and Explosives Office (FEO) database and forced the Philippine National Police to suspended all online gun license and permit services after discovering the security breach.
PNP Data Breach Finds Links with the Previous LDMIS Breach
As Manila Bulletin first reported, PNP spokesperson Col. Jean Fajardo said their Anti-Cybercrime Group (ACG) is investigating the incident but initial findings suggest the perpetrator behind the recent breach of their Logistics Data Information System (LDMIS) may be responsible for compromising the FEO system as well.
“At this stage, we can confirm the same threat actor is likely involved in both the LDIMS breach and the potential FEO breach. However, until our technical evaluation of the FEO system is complete, we cannot say for certain if any data was actually accessed or stolen,” said Fajardo.
Fajardo reported that the same threat actor has allegedly been uploading data obtained from the breaches. However, she said the ACG’s evaluation on the full extent of the data breaches is still ongoing.
“As a precautionary measure though, we have shut down all PNP systems, especially those providing frontline services like the FEO, as our assessment and evaluation continue,” stated Fajardo.
She explained that while PNP services will still be provided, they will be done manually for now. Fajardo noted that shutting down the online systems is part of the mitigation process until the ACG completes its analysis of the reported data breaches.
Fajardo said “The only option for now is that online services are unavailable only temporarily. People can still visit our regional offices to submit applications and secure clearances for firearm licenses, permits and registrations.”
FEO Office to Remain Open at Camp Crame
“Our main FEO office here at Camp Crame will even remain open on weekends to serve clients.”
Meanwhile, Fajardo acknowledged concerns raised by some lawmakers, particularly Sen. Imee Marcos, given that personal data may have been involved in the security incident. Fajardo recognized the need to address privacy issues carefully, as the investigation into the full scope of any data breach continues.
Fajardo acknowledged that ordinary FEO clients would likely share the same concerns, as some personal information may have been exposed.
“That is the primary reason we immediately took the system offline as a precaution. Shutting down was part of our mitigation efforts to allow the assessment and validation process to continue,” Fajardo said.
She recognized that with potential privacy implications, both lawmakers and regular clients would want assurances that the investigation is thoroughly addressing how to better safeguard people’s sensitive data going forward.
The shutdown aims to contain any potential impact of the PNP Data Breach, while the probe works to understand the full scope of the incident.