ALL government websites across the country came under cyberattacks on September 21, with at least 19 portals hacked and defaced during the height of anti-corruption rallies, the Department of Information and Communications Technology (DICT) confirmed on Monday, September 22, 2025.
DICT Secretary Henry Aguda clarified that no personal or sensitive data was compromised during the incident. “To date, wala pa kaming verified reports of exfiltration. So wala pa personal information na nawala,” he said in a Palace briefing.
Four of the defaced portals were from national agencies — the Anti-Red Tape Authority (ARTA), Bureau of Customs (BOC), the DICT itself, and the Department of Economy, Planning and Development (DEPDev) — while the rest belonged to local government units.
Aguda explained that only training modules and complaint platforms were affected, and these were immediately restored.
Assurance on the eGov PH App
The DICT also moved to assure the public that the eGov PH App remained secure and unaffected. In a statement, the department clarified that the disruption involved a separate third-party system integrated into the platform, not the app’s core infrastructure.
“As of this time, there is no evidence of a data breach within the eGov PH App. All personal information in the app remains secure, encrypted, and protected by strict cybersecurity protocols in line with the Data Privacy Act of 2012 and internationally recognized standards,” the agency stressed.
Aguda further revealed that government networks faced more than 1.4 million hacking attempts during the September 21 incident. “Ang dami niyan. And kung makikita niyo apat lang yung naka-lusot,” he said, praising the Cybercrime Investigation and Coordinating Center, the Cybersecurity Bureau, and the National Computer Emergency Response Team for preventing more serious intrusions.
A pattern of cyber threats
The September 21 defacement reflects broader challenges in the country’s digital infrastructure. Earlier this year, the DICT disclosed that it had foiled around 5.4 million malicious attempts targeting 32 government agencies, some linked to advanced persistent threat (APT) groups associated with foreign states. Independent research has also shown that millions of Filipino users remain vulnerable to local and online threats, with foreign-based servers often serving as staging grounds for cyberattacks.
Past cases highlight both the scale of the threat and the importance of clear communication. For instance, in 2024, the DICT corrected exaggerated claims that the Department of Science and Technology lost 25 terabytes of data in a breach, clarifying the actual figure was closer to two terabytes. The Bureau of Jail Management and Penology also confirmed a separate intrusion into its website but said no sensitive information was stolen. In other cases, alleged large-scale leaks, including those involving the eGov PH App, were eventually declared hoaxes after forensic review.
Investigation ongoing
Authorities suspect that hacktivist group AnonymousPH may be behind the September 21 defacements. While the group has reportedly denied involvement, monitoring in the cybersecurity community continues to point to them. Aguda said a person of interest is also being pursued in coordination with law enforcement, but declined to release details pending further investigation. DEF