Data Breach Exposes PAGCOR’s National Database of Restricted Persons (NDRP)
A data breach has struck the Philippine Amusement and Gaming Corporation (PAGCOR), with the DeathNote Hackers (DNH) claiming responsibility. The leak was posted on a cybercrime forum by a member using the handle Klammer, who shared evidence of the exposed records.
The NDRP is a sensitive database containing information on individuals who are restricted or banned from entering casinos nationwide due to gambling addiction or other compliance issues. In addition, certain individual particularly government officials are voluntarily excluded from entry in accordance with ethical standards and existing regulations, not because of gambling-related concerns. The system is maintained under PAGCOR’s accredited casino network and includes names, personal details, and positions of individuals flagged as having gambling-related concerns.
https://iili.io/KqfIyVR.png
According to the post, the attackers specifically targeted the “Government Personnel” section, exposing members of government and other public agencies who appear on the restricted list. The leaked agencies and positions include high-ranking officials and employees from the Senate, Congress, PCO, PNP, DILG, DENR, DICT, DOH, DepEd, CHED, DOT, DOE, DBM, DSWD, DTI, and several local government units (LGUs).
The threat actor also published a screenshot showing sample entries from the compromised dataset. Based on the forum disclosure, the database contains 4,007,887 entries in plain text JSON format, with a total dump size of 87MB. The records include full name, circular number, last name, first name, middle name, birth date, position, and agency.
The scope of the exposure is significant as such that among those listed are 15 individuals under the position of Senator, 244 individuals under the position of Congressman, and more than 19,000 individuals under the Philippine National Police (PNP). Other positions identified in the dataset include Municipal and City Mayors, Police Chiefs, School Presidents, GOCC executives, Department Directors, Undersecretaries, National Security Advisers, Bureau Directors, and hospital directors.
In the post, Klammer addressed PAGCOR directly, criticizing the agency for profiting from gambling operations.
"PAGCOR, let’s call it what it is: you are an enabler of addiction, whether you like it or not,” the statement read.
Klammer also issued an open message to PAGCOR’s current Head of Cybersecurity, describing the breach as a form of protest. He claimed that his original intent was to responsibly disclose the vulnerability and claim a bounty reward, but he ultimately chose to release the data publicly, citing moral objections to accepting money from PAGCOR.
At the time of writing, PAGCOR has not issued an official statement regarding the alleged breach.
