Massive Data Breach Hits Viva Communications Inc.: Nearly 2 Million Records Leaked
Viva Communications Inc., one of the country’s leading entertainment and media companies, has allegedly become the latest victim of a large-scale cyberattack. A hacker group identifying itself as Quantum Security Group has claimed responsibility for the breach, leaking nearly two million records of employee and customer data onto underground forums.
https://iili.io/KEPK8Q4.png
According to screenshots and announcements posted by the attackers, the leaked data includes:
• 3,635 employee files containing personal and sensitive information such as IDs, contact details, and HR records.
• 300 corporate asset records covering company-owned properties and resources.
• ~508,000 emails taken from Viva’s communications systems.
• 111,000 COVID-related health records, which may expose confidential medical information.
• 112,000 payment records, containing financial transaction details.
• Over 1,048,675 private messages pulled from Viva’s internal platforms.
https://iili.io/KEP2zIR.jpg
The stolen data appears to have been consolidated into a collection of CSV and Excel files, some of which were previewed by the hackers. Filenames include employees.csv, leave_apps.csv, active_users.csv, last_login.csv, paymentrecords.csv, and covid19checklist.csv. The compressed archive shared online was sized at 167 MB, and is believed to contain the full set of stolen records.
In addition to the data leak, Quantum Security Group also defaced one of Viva Communications Inc.’s portals, replacing a company page with a digital calling card of their attack. The defaced page, found at http://xportal.viva.com.ph/xxx.php, displayed a message related to the current issue on flood control projects.
The group added that Viva’s carelessness in securing sensitive data is “not just sloppy, but reckless,” accusing the company of exposing employees, customers, and partners to risks of fraud, phishing, identity theft, and blackmail.
The group also accused the government of corruption and negligence, suggesting that their actions were not only a strike against a private company but also a statement against systemic weaknesses in the country’s cybersecurity landscape.
As of press time, Viva Communications Inc. has not yet released an official statement regarding the alleged breach, the leaked files, or the defacement of its online portal.
