MANILA, Philippines – Hackers may have exposed sensitive information intended to help government in the data-driven approach to poverty alleviation and social services targeting.

The Philippine Statistics Authority (PSA) on Wednesday, October 11, admitted that it may have had a breach and alerted the National Privacy Commission after various posts appeared online showing blurred photos of IDs and personal information.

Based on PSA’s initial assessment, the system affected was “limited” to the Community-Based Monitoring System (CBMS). The PSA also said that as part of its “preventive and containment measures,” it has shut down and isolated the system known to have been affected. It assured Filipinos that other systems that were in charge of securing the National ID system and civil registry were not affected by the breach.

“The PSA is assessing what personal data from the CBMS may have been compromised and will share information with the relevant authorities and the public in due course,” the agency said.

What is the CBMS?

Republic Act No. 11315 or the CBMS Act was signed into law in 2019 and was crafted to institutionalize a technology-based system of collecting data that may be used to plan and assess programs intended for poverty alleviation and economic development. 

The CBMS aims to create a community-based monitoring system which generates updated and disaggregated data needed in targeting social aid beneficiaries and helps in designing policies and interventions. 

It also aims to provide information that will enable a system of public spending that warrants government allocation in areas that need aid the most. 

Play Video

The concept of CBMS has been around for decades, but the law has ensured that PSA will lead the endeavor and allowed the geographical aggregation at the city/municipal, provincial, regional, and national level. It also ensures that data being collected will adhere to official concepts and standards of poverty statistics recognized internationally.

Data collection is conducted by every city and municipality every three years. Local government units may conduct data collection at shorter intervals at their own expense.

Who are interviewed?

For the household survey, heads of households are interviewed by accredited enumerators.

Barangay captains or staff are also interviewed for questions regarding services and resources available in the area.

Respondents are made to sign a consent form or waiver.

What is collected?

What sets it apart from the national census most Filipinos are familiar with? Data generated by the CBMS include the following indicators of the dimensions of poverty such as:

• Health
• Nutrition
• Water
• Sanitation
• Shelter
• Education
• Income
• Employment
• Security

Meanwhile, the CBMS also collects data of barangays, where the following institutions and resources in the area are accounted for:

• Service facilities like hospitals, schools, agricultural facilities
• Government projects
• Natural resources

What is produced after data collection?

Through the CBMS, the PSA is mandated to release the multidimensional poverty index, which takes into account the following: 

• Educational attainment and school attendance
• Hunger, food consumption, and health insurance
• Housing, water, and sanitation
• Employment, underemployment, as well as working children in the household

Where is data stored?

All data obtained from the CBMS are stored at the national and local CBMS databanks. 

City or municipal personnel have various access limitations depending on one’s level to ensure unnecessary leakage and access by unauthorized personnel.

What was leaked?

The PSA is still assessing what personal data from the CBMS may have been compromised. The agency said it will share information with the relevant authorities and the public “in due course.”

For now, the PSA warned the public that social media posts with the alleged sample data include links that contain malware. The public is strongly advised not to click such links. – Rappler.com

Change phone numbers? What to do if you’re a potential victim in PhilHealth breach