MANILA — The Department of Information and Communications Technology (DICT) on Wednesday said a cyberattack on the Department of Science and Technology system has affected around 2 terabytes of data.

DICT spokesperson Aboy Paraiso said the agency is now working with DOST to recover the lost data from the system. Potentially, he said, this is one of the biggest data hacks in terms of scope.

“We detected the attack since yesterday. In fairness to DOST, they reached out to DICT to ask for our assistance… We can confirm it’s around 2 terabytes,” said Paraiso.

They are still assessing what data were affected, but Paraiso expressed concern that information on research as well as the personal information of employees and scientists may have been compromised.

RELATED: Higher salary than a Cabinet Secretary? Cybersecurity experts in high demand

“DOST is the repository of many, many data… We still have to confirm if there are private data that were gathered, especially [the] personnel profiles,” he said.

The cyber advocate group "Deep Web Konek" earlier reported the hack, saying a notorious threat actor gained “access to critical network components including supervisors, [Network Attached Storage] devices, routers, and ultimately securing Domain Administrator privileges.” 

It said 25 TB of data were breached.

The threat actor also defaced the site by leaving a message against political dynasties and against Charter change. The threat actor used the hashtag opEDSA.

Personal Identifiable Information might be at risk

Data Ethics Founder and Director Dominic Ligot said if data was deleted, this could cripple the operations of DOST especially if there is no backup data. 

He feared that many of the affected data could be personal information of employees and scientists, as well as data on research and development.

“Ano ba work ng DOST? Mostly research, science, pero the most sensitive part there is if nasama mga log-ins and [Personal Identifiable Information] ng members ng DOST,” Ligot said.

Compromised personal information could be used in identity theft and further data breaches.

“Yung alleged na leak sa PhilHealth (Philippine Health Insurance Corp.) is 600 GB, so it’s more than 25 times bigger than that," Ligot said.

"But again it could be many things. It could be videos kaya siya malaki, o images.”

Ligot said the threat actor could be a "hacktivist" based on the political messages left on the DOST site.

"An advocacy of some sort. Some would call it a challenge to the government, destabilization," DICT's Paraiso said.

"The real purpose, we have to determine that, determine the group which we have already suspicions of,” he said, adding the cyber attack could have been done by Filipinos. 

Foreign hackers claimed responsibility for the PhilHealth data breach in late 2023.

Paraiso said government agencies should beef up their cybersecurity measures as more attacks may happen in the future. He said he has already flagged some agencies with poorly-protected systems.