December 2023 Data Breaches and CyberAttacks in the Philippines
As the year ends, there have been a few breaches and cyberattacks that are worth summarizing here, targeting both public and private Philippine Organisations.
Let’s Start with the
Philippine Chapter of the PMI
PMI Philippines Chapter . A threat actor claims to have leaked PMI Philippines Chapter user data, including user IDs, event IDs, user IP addresses, payment details, phone numbers, and addresses.
The post date was December 21, 2023. Even though the posting user is new to the forum, the data sample speaks for itself, and PMI should verify it ASAP. From the data set shared in the post,, there is legitimate PH user data, and a short LinkedIn search of some names showed that those users are PMI certified; hence, the data seems legit, though it may be older.
While I was able to verify some users' details with some contacts in their organizations, some seem outdated; it is still a notable breach, though.
A more serious one comes next.
Aeon Credit Service Systems (Philippines) Inc.
Heads up to those in the Philippines’ financial services industry! According to a well-known breach forum post (Post Date December 24, 2023, ÆON Credit Service Systems (Philippines) Inc. has suffered a data breach. The leaked data, reported to be 15.77 GB, is made available for download via mega.nz, and the download link is active and working as of the time of this writing.
The data is still downloadable, and it does contain a lot of very confidential data, including Aeon Customer PII and details such as letters of demand for payments and balances as well as statements of accounts.
The most recently surfaced is the next one:
Okada Manila (Casino and Hotel)
Okada Manila was potentially breached by the ALPHV Group, who posted on their dark web blog that they had victimized the Casino. The Group claims to have obtained confidential and PII data and other sensitive information, including financial data, customer data, contracts, etc. Sample data that was released show hundreds of Passport scans, NDAs (Non-Disclosure Agreements), and a screenshot showing they had access to an SSMS (SQL Server Management Studio).
This adds another potentially significant breach just in time before the year ends.
With these three leaks, all within a week and all before the year's end, I think we can get the idea that 2024 will not give the cybersecurity defenders more peace and quite.
Happy New Year, Everybody!
