DILG’s Full Disclosure Policy Portal Allegedly Leaked: 22GB Data Exposed
A threat actor using the alias “0xSeve” has claimed responsibility for a massive data breach involving the Full Disclosure Policy Portal (FDPP) of the Department of the Interior and Local Government (DILG), exposing what is alleged to be over 22 gigabytes of internal data.
The leak was first posted on a dark web forum earlier today, where the actor published a thread titled “[LEAK] Full Disclosure Policy Portal | fdpp.dilg.gov.ph | 22GB+”. In the post, the actor included a list of compromised files and database dumps, reportedly containing more than 40 million records from the FDPP system.
https://iili.io/KjzeXHv.png
https://iili.io/KjzeVUJ.png
According to the post, the stolen data includes CSV files such as:
• audit_trail.csv (over 37 million records)
• attachment_storage.csv (218,599 records)
• doc_remark.csv (470,455 records)
• change_log.csv (56,914 records)
• logs.csv (746,208 records)
• user_info.csv, user_mode.csv, and other tables related to user history, divisions, regions, and tokens.
In total, more than 50 different database tables were mentioned, covering administrative documents, logs, and user-related information.
The actor, “Seve,” also defaced one of the FDPP’s web directories, replacing a page with a red-themed message that read:
> “Greetings DILG — Here’s a low-budget defacement page for ya! Talk about budgets, everything is out there now. When I say everything, I mean it.”
The defacement also featured a quote attributed to the attacker:
> “Anyone can be corrupt given the opportunity to do so, but corruption remains a matter of CHOICE.”
The Full Disclosure Policy Portal was designed by the DILG to promote transparency and accountability among local government units (LGUs) by requiring them to publicly disclose budget and financial documents. However, this incident suggests that the platform may have been compromised, raising questions about the security of government transparency systems.
As of this writing, the Department of the Interior and Local Government (DILG) has not issued any official statement regarding the alleged breach or the defacement of its website.
