There’s no week without a breach or leaky database.
Jeremiah Fowler, a well-known cybersecurity researcher, has stumbled upon an exposed database exposing over 153 GB of personally identifiable information (PII) of students and parents in the Philippines.
In total, over 200,000 records were found in a non-password-protected cloud database linked to the Online Voucher Application (OVAP), a platform set up by the Department of Education (DepEd) and the Private Education Assistance Committee (PEAC) in the Philippines.
According to Fowler’s report to vpnMentor, it remains unclear who managed the database and whether any malicious party had access to it prior to the sensitive data listed in the exposed files.
The researcher did, however, provide an extensive list of data he was able to peruse.
“Inside the database I saw numerous documents that contained PII, including tax filings, voucher applications, parent or guardian consent forms, financial assistance, local government certifications, certificates of employment, death certificates, and other notarized or official documents,” Fowler explained.
“Tax records are considered highly sensitive as they contain the full name of the person who’s filing and their children, as well as their home address, phone number, employer, and tax identification numbers. The application folders also contained image files (profile photos) of the children,” he said.
The full list of exposed PII can be seen below:
Applicant’s personal information:
Data belonging to the applicant’s family:
While the database was secured shortly after Fowler sent a responsible disclosure notice to the DepEd and the Philippines’ National Privacy Commission (NPC), Fowler also mentioned that the exposure poses a variety of potential risks for both students and their families.
“Exposing how much an individual earns and where they are employed could hypothetically put them at risk of financial fraud, phishing attempts, or identity theft,” Fowler said. “In this case, it could lead to students and their families’ potential monetary loss. In the wrong hands, Personally Identifiable Information such as names, addresses, contact details, and date of birth increases the potential risk of identity theft and impersonation.”
Worried about data breaches and leaks?
With Bitdefender’s Digital Identity Protection (DIP) service, you can discover and curate the extent of your digital identity to make more privacy-focused decisions to keep your identity and finances safe.
Our dedicated digital identity protection service helps you immediately respond to data breaches and leaks of personally identifiable information with 24/7 monitoring and provides easy 1-click action items that enable you to secure your accounts and data.
tags
Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.
View all postsDecember 19, 2024
November 14, 2024