Skip links

House of Representatives and PhilHealth Websites Hacked: PH Cybersecurity at Constant Crisis

The Philippines is experiencing a rise in cyberattacks, putting internet users at risk. This article explores notable hacking incidents, urging brands and individuals to stay vigilant and take responsibility for online safety.

The Philippines, like other countries, faces a growing danger of cyberattacks due to the rise of digital technology. This article examines notable hacking incidents in the Philippines, comparing them to similar global events. The aim is to raise awareness of these cyber risks and encourage internet users to be cautious and responsible. By understanding these incidents better, we highlight the significance of individual vigilance in ensuring online safety for all.

Blog Overview

Oct. 15, 2023 – House of Representatives Website Defaced

The House of Representatives website was hacked and defaced on Sunday, marking another cyberattack on a government website.

A message saying “You’ve been hacked” appeared on the website’s landing page,, along with a troll face comic meme.

The message also included the text “Happy April Fullz kahit October pa lang!” and the hacking was claimed by someone named 3MUSKETEERZ.

This image shows the House of Representatives' defaced website, a clear PH cybersecurity crisis.
This image shows the House of Representatives defaced website on Sunday October 15 2023 Screenshot from the HOR website

House Secretary General Reginald Velasco confirmed the unauthorized access and stated that the House is working with the Department of Information and Communications Technology (DICT) and law enforcement agencies to address and investigate the incident.

The DICT stated that they are aware of the cybersecurity incident and are currently investigating its extent. They will provide further updates to the public as they become available.

Oct. 9, 2023 – DLSU Experiences Cybersecurity Incident

De La Salle University's official statement for the recent cybersecurity incident. One of the recent PH cybersecurity attacks this year.
De La Salle Universitys statement on the recent cybersecurity incident on Monday October 9 2023 Photo from the DLSU FB page

De La Salle University experienced a cybersecurity incident that affected their on-premise-hosted applications. However, it did not impact student records and cloud-hosted applications.

The university has taken several preventive measures, such as taking network systems offline, restricting the use of DLSU-issued computers and laptops, and activating additional security features on Google Workspace accounts. To investigate the incident, DLSU has enlisted the help of a leading global cybersecurity company. The university is currently working on resolving the situation and restoring network systems. Updates will be provided to the community as they become available.

Sept. 22, 2023 – PhilHealth Data-Base Hacked

The personal information of some PhilHealth members was compromised after hackers attacked the website and online application. As per the National Privacy Commission, 734 gigabytes worth of data were leaked.

According to PhilHealth, user data including names, addresses, date of birth, sex, phone numbers, and PhilHealth identification numbers have been compromised. The company is currently working on directly notifying all affected individuals.

Those affected were advised to monitor their credit reports for any unauthorized activity, place a fraud alert on credit reports, change passwords on online accounts, and be cautious of phishing emails and smishing texts.

The attack occurred on September 22, but PhilHealth has emphasized that its primary database was not infected. The state insurer temporarily suspended its online services and transactions until September 29, when the website was restored.

Aug. 31, 2023 – DOST’s OneExpert Portal Compromised

The Department of Science and Technology (DOST) reassured the public that the recent cyberattack on the OneExpert portal did not compromise any personal information.

Although data resembling the names and email addresses of technical experts and users from the site was posted on Facebook, sensitive personal information remains secure. The OneExpert portal serves as a registry of Filipino experts, aiming to enhance access to their services and promote science and technology in the country.

The DOST, along with appropriate response measures, has restored normal operations and continues to monitor and log website usage for official records.

DOST Statement regarding data leak on OneExpert
DOSTs statement regarding the data leak on OneExpert Photo from the DOST Facebook Page

PH is NOT ALONE in its Cybersecurity Crisis

In the face of ongoing cybersecurity crises, it is crucial to be alarmed and vigilant. However, it is also important to remain hopeful and remember that we are not alone in this battle. Let’s review some hacking incidents and how these websites successfully recovered.

Cyberattack on US Government Agencies

Cybercriminals have launched a global cyberattack on several US federal government agencies and hundreds of companies and organizations. While the hacks have not had significant impacts on federal civilian agencies, they add to a growing list of victims in a hacking campaign that has targeted major US universities and state governments. The Department of Energy and Oak Ridge Associated Universities are among the federal agencies affected. Johns Hopkins University and Georgia’s state-wide university system have also been compromised. Other victims of the hacking spree include the BBC, British Airways, Shell, and state governments in Minnesota and Illinois.

To quickly mitigate the crisis, the agencies promptly notified customers about the steps needed to secure their systems and temporarily shut down MOVEit Cloud to address the problem.

In addition, the Department of Energy acted swiftly upon discovering that two of its entities had compromised records. They immediately took measures to minimize the impact of the hack and notified Congress. They are now working together with law enforcement, the Cybersecurity and Infrastructure Security Agency (CISA), and the affected entities to investigate the incident and mitigate the breach.

Iran Government Website Hacked

Iran’s Ministry of Culture and Islamic Guidance (Ershad) and its affiliated websites were targeted in a cyberattack. The Mojahedin-e-Khalq (MEK) claimed responsibility, defacing the ministry’s website with photos of their leaders and disrupting multiple portals and servers. The MEK has a history of cyberattacks and has targeted Iranian state broadcasting channels and disrupted gas station payments in Iran. Previously listed as a foreign terrorist organization by the US, the MEK now maintains connections with politicians in the US and Europe.

The photos were immediately removed, and the ministry website is now back in operation. However, the Iranian government has not made any statements regarding the hacktivist cyberattacks.

FakeCalls Threat South Korean Banking and Finance Sector

A new banking Trojan called FakeCalls is posing as a banking app and imitating phone conversations with bank employees. It targets popular Korean banks and can intercept calls, displaying a fake call screen. The Trojan can connect victims to cybercriminals or play prerecorded audio to extract payment data. It can also activate the microphone, access personal information, and spoof incoming calls.

Unfortunately, these threats are still rampant in South Korea. To protect your data and money from cyber criminals, follow these tips. Only download apps from official stores, avoid unknown sources and be cautious of app permissions. Never disclose confidential information over the phone, and install reliable security software for all your devices.

In order to better understand the causes of these frequent security breaches, it is crucial for us to examine the insights provided by Cyfirma, a cybersecurity firm. They offer a comprehensive perspective on the current prevalence of these attacks. 

PH Vulnerable Cybersecurity Decoded

The Philippines is situated in a strategically important region that is home to a significant population and global trade. In this region, there are various geopolitical challenges, including the rise of China and the ongoing conflict over Taiwan. Due to its close ties with the United States and its location in the South China Sea, the Philippines is vulnerable to cyberattacks. Additionally, North Korea poses a notable cyber threat as it continuously improves its attack techniques. 

As the Philippines strengthens its relationship with the United States, it also exposes itself to an increased risk from China. Chinese policy in the region has led to the formation of tighter security partnerships, potentially creating competition for other powers, including the Philippines. It is worth noting that Russia’s increasing reliance on China is a significant development, hinting at the formation of a potential Eurasian bloc that could challenge other regional powers. 

Given its location, the Philippines plays host to various cyber actors, including China, Russia, and North Korea. The conflict over Taiwan is a major security concern, as it could have unpredictable cyber consequences. In light of these challenges, it is crucial for businesses in the Philippines to prioritize strengthening network security and cybersecurity practices.

Preventative Strategies and Best Practices

Protecting against cyber threats in the digital world doesn’t have to be overwhelming. By understanding common hacking methods and staying informed, you can strengthen your cyber defenses. Here are some simple steps to prioritize cybersecurity:

  • Keep things updated: Regularly update your software to prevent hacks that exploit outdated systems. Stay informed about new scams and threats to stay one step ahead.
  • Create strong credentials: Use strong, unique passwords and consider using a password manager. Add an extra layer of security with two-factor authentication.
  • Be cautious with connections: Avoid unsecured Wi-Fi networks and consider using a Virtual Private Network (VPN) to encrypt your internet connection and protect your data.
  • Think before you click: Be mindful of unsolicited emails, links, and attachments. Verify sources and use official communication channels whenever possible.
  • Back up your data: Regularly back up important information to avoid losing it in case of a cyberattack.
  • Stay informed: Follow reputable sources for updates on cybersecurity and stay aware of the latest threats.

By adopting these practices, you not only protect yourself but also contribute to a safer internet for everyone.

What’s Next?

The cyber threat landscape is vast and complex, affecting countries worldwide, including the Philippines. It is crucial for us to collectively respond to this global challenge by increasing awareness and adopting safe internet practices. This article aims to showcase the prevalence of hacking incidents both locally and internationally, emphasizing the significance of individual vigilance. Although we cannot control cybercriminals and their methods, we can control our actions and the precautions we take. Let’s stay informed, be cautious, and promote a responsible digital culture to create a safer online environment for everyone.

M2.0 Communications is a seasoned PR and crisis communications agency in the Philippines. Our experienced senior management team helps you stay ahead of issues and provides practical advice during high-risk situations. Learn more about our work by visiting our case studies page.

Share this post on: