Biggest Data Privacy Breaches in the Philippines

July 20, 2020

From the finance sector to all walks of business, the Philippines has amassed plenty of personal, commercial and even governmental information. Access to both public and private information is commonly discussed, as a variety of multinationals and global conglomerates have personal stakes in the country.

Since the Internet was introduced to the Philippines over two decades ago, articles, videos and photos have created a wealth of information. Unfortunately, such information tends to be targeted by those with malicious intents.

As such, using a recommended Philippines VPN is vital. Whether you’re a vacationer or a new resident—a passerby or long-term visitor—a little digital protection can make a lot of difference.

Digital protection—and some quick insights into the country’s history of data breaches.

Big Statistics: A Quick Snapshot

Indeed, the Philippines has seen its fair share of digital privacy trouble. The decreasing price of Internet-ready devices has spawned a massive user-group with unregulated, or even untraceable, access to the online world. Approximately two-thirds of Philippines citizens access Facebook via mobile devices—which is a hefty size, as the country has over 36 million Internet users in general.

About half of the country’s online advertising inventory is mobile, too—conjoined with a Business Process Outsourcing industry which is all but grounded entirely within the virtual world. From a macro-economic perspective, free-flowing information is important to any nation’s growth—as well as its business sector’s development. As the information flows, governing parameters may struggle to keep up—leaving business owners, and residents, unprotected.

Dire Data Breaches in the Philippines

Understandably, every country struggles with maintaining a status quo between evolving litigation and data privacy needs. The Philippines has experienced several large-scale data breaches in recent history—and each one has significantly reshaped its approach to digital security.

The 2019 Sephora Data Breach

In July of 2019, the beauty retailer Sephora was impacted by a critical data breach: Malicious users parsed data from customers previous purchases, acquiring encrypted passwords, contact information, email addresses and even data logs regarding their purchasing behavior.

Unfortunately, data breaches in the Philippines can persist for up to 196 days before they’re identified. This is particularly troubling due to the swiftness of cyberattacks. In most cases, a hacker can initiate, execute and succeed with an attack within a mere 39 seconds.

The 2016 Voter Registration System Breach

Often cited as the country’s worst data breach in digital history, the voter registration system cyberattacks of April, 2016, still leaves experts puzzled. The massive data breach resulted in the theft of millions of fingerprint records. Even worse: Over 228,605 email addresses—and 1.3 million passport numbers—were stolen. These credentials were marketed on the clear web and dark web alike, neutralizing the digital security of over 55 million voters.

The 2018 Hacking Surge

The Philippines saw a significant spike in phishing, malware attacks and data breaches throughout 2018. The surge was so harmful to citizens that a Unisys Corp public survey reported that a staggering 90 percent of Filipinos were majorly concerned for their personal information’s safety.

A majority of these attacks were committed through email hacking, as well as social media profile hacking. Unique to this spike in malicious online activity, however, was an uncommonly high rate of social engineering scams—wherein, in many cases, the victims were tricked into disclosing sensitive information.

The 2014 Anonymous Attacks

While many have heard of the hackers’ collective dubbed Anonymous, too few are aware of its potential. Self-titled “Anonymous Philippines,” the country’s own population of Anonymous activists defaced over 200 Chinese websites to retaliate against Beijing’s controversial, aggressive actions in the West Philippine Sea.

Moreover, over 145 of these websites were run by the Chinese Government. Another 45 were operated by commercial entities. This wasn’t Anonymous first hacking attack in the Philippines, either: In 2022, they garnered significant attention by targeting, hacking and defacing a number of Philippines government websites in response to the country’s Cybercrime Law.

The 2016 Bangledesh Bank Heist

In recent years, the Bankers Association of the Philippines has repeatedly pledged resources to assist the country’s growing data privacy concerns. In aid of the National Privacy Commission, the BAP doubled down on foreign banking security measures—also pursuing new means of assured safety across all banking processes.

By and large, this was spawned in response to an emergent cyber-threat of great design: Earlier that year, hackers transferred over 100 million Bangladesh Bank account dollars—executing the action from New York’s Federal Reserve Bank. The funds were transferred to bank accounts across the Philippines and Sri-Lanka, resulting in the theft of data from over 50 million registered Filipino voters.

Identifying the Biggest Threats to Filipino Cybersecurity

While the above-mentioned cyberattacks were massive in scale, many smaller data breaches occur every day. Some are identified—or even prevented—but many, unfortunately, are not. High-profile cyberattacks are catastrophic in nature: Conducted by some of the world’s most tactical hackers, these events are all but unstoppable.

This said, plenty of cyberattacks are successful due to lacking information about data theft prevention. While this is a significant problem in the Philippines, it persists around the world. Any and all who access the Internet are at risk—especially when underinformed, or even uninformed, about the major risks around every corner.

By taking a closer look at the Philippines, where digital threats are concerned, we can better understand the very same, inherent risks of navigating the Web without a recommended Philippines VPN. Across the country, the biggest cybersecurity threats directly relate to several digital safety mistakes.

Mistake One: Reusing Passwords

In a study conducted by Virginia Tech University, experts found that approximately 52 percent of Internet users use the same passwords across multiple platforms. This bad habit can easily cost a person their data—and especially their financial information.

This is because banking information is easily parsed with even a small amount of personal data. Online shopping accounts, email accounts and social media accounts are a malicious user’s primary targets. More common than not, these specific online services see repeat passwords. Even more worrying is the amassed credit card data contained within e-commerce platforms.

Cybercriminals can easily gain access to commercial email addresses. Once they do, they can alter customer accounts—resetting their passwords. From here, shoppers are only a single ‘recovery email’ away from identity theft,

Mistake Two: Staying Logged In

The Philippines, home to an abundance of Internet cafes and public Wi-Fi hotspots, suffers from a high number of data theft cases due to idle user accounts. These cases don’t only apply to e-commerce websites, either. Even though popular social media platforms like Facebook don’t typically hold personal financial data, they’re packed with personal information snapshots. These ‘glimpses’ can certainly help malicious users connect the dots, in terms of parsing the information needed to access financial accounts.

If you’re traveling in the Philippine’s, make sure you log out of every online account you access. Even if you’re using a personal device, you’re at risk. Essentially: Your tablet, laptop and even your smartphone are exposed when connected to public Wi-Fi. Hackers frequently peruse public Internet hubs, scanning for exposed device information.

Needless to say, try to avoid using public devices—such as library computers and store tablets. If you forget to log out from an account, your information can easily become fair game for cybercriminals.

Mistake Three: Connecting Accounts to Social Media

These days, it’s nearly impossible to avoid online services requesting access to one’s Facebook page. While not every third-party app is dangerous, those which request a direct link to your social media account can easily put you at risk.

Newsletters, public apps and shopping accounts which request a ‘sign-up’ via a Facebook account link, an Instagram login or anything in between should be avoided. Following, Liking and commenting on public entity pages isn’t dangerous—but connecting your account login behavior is.

Those with malicious intent, if they parse a business’s data, will immediately have access to this behavior—and this behavior is easily refined into tangible, valuable, browsing data. From here, identifying and exploiting a user’s personal information is much easier.

Staying Safe While Traveling Abroad

While traveling to unfamiliar places can be risky in terms of digital security, you can still avoid catastrophe with some preventative measures. Among these measures, one tactic is worth its weight in protected data: A VPN.

We’ve mentioned the importance of using a recommended Philippines VPN above, as it’s a resource which shouldn’t be forgotten. A VPN ‘masks’ your online footprint—hiding your device, your data, your history, your IP address and—most importantly—your valuable information from malicious online users.

By using a professionally recommended Philippines VPN—you’ll essentially become ‘invisible’ when using the Internet. A VPN also encrypts your browsing data, exponentiating your digital protection. To get the most out of your VPN, you should use it the minute you set out on vacation. While the Philippines has its fair share of cybersecurity concerns, your local public Wi-Fi hubs can be just as dangerous. So, remeber: Always log out of your online accounts—even if they don't contain leads to your personal information. Try to avoid connecting your social media accounts to publicly accessible Internet accounts, and never use the same password twice.

Above all, keep your personal information secure with a trusted VPN—as it'll safeguard you against a majority of online threats.