By Benjamin Pulta
MANILA – The Supreme Court (SC) on Wednesday said it is validating social media reports of a major data breach in its system, days before a new rule to digitize proceedings requiring litigants in lower courts are required to submit digital copies of their pleadings, goes into effect.
“We learned of the social media post about the alleged data breach, and our MISO (Management and Information Systems Office) is currently validating it. Rest assured, the Court has invested in cybersecurity for its data and will continue to do so as we digitalize our processes,” SC spokesperson Camille Ting said in a message to newsmen.
“All processes of the Court, including the Bar exams, are secure,” Ting added.
The Bar examinations, which will be held online in multiple sites, will be held next month.
A social media post claimed that on Aug. 27, a “significant security breach” hit the Supreme Court, allegedly leading to the “exposure of highly sensitive legal data.”
The supposed breach also includes data as to payment of legal fees which is handled by a local bank.
No evidence of breach
In a separate statement, the Supreme Court said it, along with its service providers, has “found no evidence of a breach or indication that sensitive data was compromised” as of Wednesday afternoon.
“The Court will continue to investigate further, employing the right amount of redundancy by approaching the investigation from many angles,” it added.
The SC said it would do another round of Vulnerability and Penetration Testing assessment (VAPT) as a precautionary measure, and has asked its providers and partners to do the same.
“We are also going to conduct another external review of our cybersecurity systems,” it said.
“We assure the public that in its current efforts to digitalize court processes, the Court has always given priority to cybersecurity and taken the necessary precautions in terms of training, access, and the use of the needed apps and hardware. We have layers of in-house and external cybersecurity.”
The SC warned individuals who may be tempted to hack its data that its systems are professional, state-of-the-art, robust, and “capable of identifying and tracing the sources of any form of attack.”
“We also remind the public that any attempt to gain unauthorized access or compromise our systems, as well as releasing sensitive and private data without proper authorization, are criminal acts,” it added. (PNA)