IT head reveals LTO data breach
A veteran journalist and broadsheet technology editor and IT disclosed an alleged Land Transportation Office (LTO) data breach of customer and employees.
This was according to a Facebook post by Art Samaniego, technology editor and IT head of a broadsheet newspaper, saying that 45,008 customer credentials and 8,442 LTO employee data have been possibly leaked and that the Department of Information and Communications Technology (DICT) “will be on top of this situation.”
However, the LTO has not yet released an official statement admitting nor debunking allegations of a security breach in its foreign-made information technology (IT) platform, Land Transportation Management System (LTMS), which circulated on social media in recent weeks.
On the other hand, a Facebook post of Deep Web Konek (DWK), an alliance of cyberthreat intelligence advocates with over 11,000 followers on the popular social networking site on 20 April, mentioned that it has monitored an alleged data breach involving the LTO in the past week.
“Yesterday, a user reported a breach on LTO with a sample from one of their Regional Offices. There were two reports within this week sent to DWK. The other was 34 gigabytes (GB) of data was compromised, which the team is still waiting for samples for checking,” a portion of the post read. However, both Samaniego and the DBK admitted they are waiting for additional information to verify the data breach reports.
It can be recalled that the controversial P3.14-billion LTMS project, which was aimed at digitizing the core processes of the LTO, was awarded to the joint venture of German technology firm, Dermalog and three local companies: Holy Family Printing Corp., Microgenesis, and Verzontal Builders Inc. in May 2018.
To recall, the Supreme Court (SC) has submitted for resolution the petition filed by private citizens Gerald Domingo and Atty. Jose Carlito Montenegro, which sought to nullify the LTMS contract.
The petitioners described the LTMS project as a flawed agreement that may eventually lead to a threat to national security and even a breach of informational privacy of the LTO data that includes private information of the agency’s clients. The petitioners also stressed that the LTMS remains incomplete and not fully functional due to defects in its design.
Aside from the cancellation of the LTMS contract, Domingo and Montenegro asked the SC to compel the LTO to blacklist Dermalog from participating in any public bidding process and file appropriate administrative and criminal cases against current and previous transportation officials involved in the said project.
The House Committee on Transportation has also conducted several hearings to discuss the irregularities of the LTMS contract, particularly on the red flags raised by the Commission on Audit, which include project delays, advance payments, contract legality, and Dermalog’s possible link with other third-party providers.