OSG to probe reported data breach of 345,000 court docs; perpetrators to be “punished”

London-based information security firm TurgenSec says sensitive court documents were made publicly available online for at least two months

The Philippine Office of the Solicitor General (Eagle News Service)

 

(Eagle News) – The Office of the Solicitor General (OSG) is investigating a reported data breach of some 345,000 sensitive court documents that was first revealed by a U.K. security company.

In a statement, it said that it would also prosecute and punish those responsible for the data breach that involved its court documents.

The London-based security firm TurgenSec said that for at least two months, these court documents on ongoing legal cases “were made publicly available online.”

“It’s not like a traditional data breach that we disclose. This one caught our eye because it seems that it might have broader ramifications,” said a spokesperson for TurgenSec quoted in an article on April 30 by Vittoria Elliot of the Rest of World.org which first reported information on this data breach.

It reported that the firm had reached out to the OSG twice “in an attempt to alert them to the breach but received no response.”

TurgenSec, in its website, said that it “offers top information security products uniting the human and technical elements of a complete cyber security package to provide products across the board.”

In a statement, the OSG confirmed that TurgenSec had indeed reached out to them, but it did not say when this was.

“While the OSG notes the responsible disclosure procedure of TurgenSec, the OSG must still be wary of unverified reports sent to its office and shall respond appropriately only after a proper verification has been undertaken as to the accuracy and veracity of these alleged data breaches,” the OSG explained.

-OSG assures the public-

The OSG said it “assures the public that all necessary steps have been put in place in order to protect the confidential and sensitive information contained in its submissions before the courts of justice.”

The UK security firm that specializes on information security products and cyber security packages said that it was first alerted to the OSG security breach in February by a “third-party whistleblower who downloaded the files and sent them to the security firm for examination” according to the report that first appeared on restofworld.org.

On April 28, it said that the documents had already been removed but, it said, some could still be opened on the web as these had been cached by Google’s search engine.

The TurgenSec spokesperson told the restofworld.org that the mistake could have been due to a “misconfigured server” or maybe the administrator had accidentally set the documents to “public” rather than private setting.

The OSG said that it would go after those who were responsible for this data breach.

“In upholding its role as the principal law officer and legal defender of the Government of the Republic of the Philippines, the country can rest assured that these crimes against data privacy committed upon the State and its clients shall not go unpunished, and that the perpetrators thereof shall be prosecuted to the fullest extent of the law,” the OSG’s statement read.

The website of the OSG was also hacked last December.

(Eagle News Service)