Data security officer admits he managed to access celebrities' data in Belo Medical Group's system
The data security officer who was among those who were arrested for hacking several private and government websites, banks, and Facebook accounts admitted that he also managed to breach into the system of Belo Medical Group (BMG).
In a report by TV Patrol, the hacker going by the name "Kangkong" said that he was able to download the database of the beauty clinic and was able to gain access to records belonging to famous celebrities and personalities.
When asked about his goal in hacking the famous beauty clinic, Kangkong said, "Wala, nacurious lang po ako."
According to the National Bureau of Investigation, the hacker was able to get the names of the clients as well as their addresses, age, contact numbers, birthdays, payments, credit card or bank account numbers, email addresses, and more.
Kangkong, however, asserted that he did not sell the database of the medical aesthetics center.
"Never po akong kumita sa mga data. Usually ang ginagawa ko kapag nakakakuha akong website, kapag nadownload ko, malilimutan ko na siya," he said.
Kangkong previously claimed that he hacked 93 websites of the government and private companies. It wasn't specified whether BMG is included in this number.
National Privacy Commissioner John Henry Naga said that while BMG is registered with the National Privacy Commission, they were not notified of any data breach from the beauty clinic.
He explained that companies are obligated to inform the data privacy authority and their clients of any data breach that happened to their system within 72 hours.
"If proven na talagang na-breach sila tapos hindi sila nagreport sa NPC, mayroon itong administrative fine and at the same time, may criminal offense din 'yun. Kasi ito eh sensitive personal information, mga medical procedure," Naga said.
The NPC is now coordinating with the NBI to resolve the hacking issue.
Belo Medical Group to 'actively cooperate' with the investigation
In a statement sent to the news outlet, BMG said that it "fully supports and will actively cooperate with any investigation aimed at uncovering the details of the recent data breaches."
They assured that they are "fully compliant to the Data Privacy Policies and are committed to the development of effective solutions to enhance data security and protect the privacy of all individuals."
In a separate report by ABS-CBN, Kangkong claimed that Manila Bulletin Senior Technology Officer Art Samaniego was the one who ordered the hacking of the Peacekeeping Operations Center website of the Armed Forces of the Philippines, the mail server of the National Security Council, and the recruitment website of the Philippine Army.
In a statement by Manila Bulletin that was likewise shared by Samaniego, the news outlet insisted that it has "always adhered to the laws of the land and requires its employees to the law abiding."
"We expect our employees to be accorded their rights. We assure the public of Manila Bulletin's utmost fidelity to the laws of the land," they added.