Makati: No data breach in COVID-19 portal
The Makati government denied yesterday the reported data breach in the city’s COVID-19 relief portal, Proud Makatizen.
Don Michael Camiña, spokesman for the city government, made the statement following a cybersecurity firm’s report about “vulnerability” on the Proud Makatizen website.
Camiña said no personal data of the residents were compromised as the supposed breach took place in an offline development server that houses “fictitious test data.”
“There was no data breach with the computer servers of the city government. The subject system is a development server containing fictitious test data. It is no longer online,” he said.
The alleged breach was discovered and reported by VPNMentor, a cybersecurity research team.
Proud Makatizen is the local government’s COVID-19 relief portal where residents sign up for vaccinations, financial assistance and other services.
“Proud Makatizen had misconfigured an Amazon Web Services S3 bucket, exposing over 620,000 files stored within. The files included photos of identification cards as well as private medical and financial information,” VPNMentor said in its report.
According to the cybersecurity research firm, a total of 39.7 gigabytes of files and around 300,000 Makati residents were exposed to digital crimes such as identity theft and privacy violations.
Camiña maintained that no personal information of Makati residents were compromised.
“These irresponsible statements can potentially create undue panic among Makatizens and businesses about the safety of their personal and corporate data entrusted to the city government,” he said.
“We assure the residents that the city government of Makati is committed to protect their personal information,” Camiña added.