WHEN BPO worker Alfedo Compra Jr. learned about the Commission on Elections (Comelec) database hacking that leaked voters’ personal information online, he immediately changed all his online bank passwords for fear he will become a victim of fraud, identify theft and other online illegal activities.
Compra is a fan of online banking. He uses this convenient tool to shop for products online and do fund transfers.
“I changed all my passwords,” he said.
He was disappointed over the leak, saying that this is another example of “how weak our government is when faced with threat preparedness, detection and response.”
“Regardless of the motives of the hackers, election-related or not, anybody named is now a prime candidate for potential phishing and social identity attacks. This serious threat makes me frantic, thinking that the stolen data will be used to access bank accounts or used to craft more convincing phishing or business email compromise scams in the future,” said Compra, a supervisor for communications and marketing of a BPO firm in Cebu.
“This attack may very well lead to wide-scale attempts at identity theft later on down the line. It is frustrating that with the amount of taxes we pay, we are still underinvesting in terms of digital security infrastructure,” he added.
The Cebu Bankers Club (CBC), meanwhile, issued an advisory yesterday assuring the banking community that the banking system remains “safe and secure” amid the Comelec database controversy.
“There is no cause for alarm. The banking system remains safe and secure. We have strict measures in protecting our clients,” said CBC president Rey Eleccion in an interview yesterday.
CBC’s advisory noted that “banks do not use biometrics data to process transactions” and that they “require actual signing of documents and do verbal and SMS confirmations.”
The massive leak of the Comelec database last week exposed 70 million Filipino voters to fraud and other online illegal activities. The 338GB Comelec database contains voters’ personal information such as address, mother’s maiden name, birth date, passport and finger print information, which are also similar information mostly used when doing online transactions.
“We are strict in protecting the data of our clients and we do not use complete name and birthday only, we go beyond those. Some member banks even send e-mail and SMS alerts to confirm their transactions,” the CBC said.
The organization, however, advised the banking public not to share their online passwords and to never create one that is related to their personal information. CBC also advised to change passwords regularly and to refrain from using public computers and unsecured Internet connections.
The Bankers Association of the Philippines (BAP) has already issued a memo to its member-banks to tighten its security measures to protect their clients.
BAP strongly encouraged banks “to perform necessary modifications and switch on back-up systems for online account recovery protocols and other critical processes that may be affected” since most banks use these personal information for online transactions.
The Comelec database was uploaded to a site named “Philippines, we have your data.” The site allegedly made by Lulzsec Pilipinas allows anyone to input a first name and last name to index a list of possible matches from the Comelec database.
The Department of Justice has already vowed to probe the hacking of the Comelec website. It said that they have already put together agencies that are tasked to look at online and cybersecurity to investigate the hacking.
Eleccion, meanwhile, dismissed the possibility that online banking transactions would be affected by this controversy.
“Clients would continue to use online banking because of strict security and authentication procedures,” he said.
Cybersecurity firms have earlier urged financial institutions to safeguard their systems by deploying up-to-date security measures to ensure data and network protection.
Records from the Bangko Sentral ng Pilipinas show that around 22 million people use electronic banking services and channels and that the volume and value of e-money transactions keep growing over the years.