Hacktivist Group “Quantum Security Group” Claims Major Breach of DOH and LGU Systems
By Deep Web Konek (DWK) News Desk | November 5, 2025
The hacktivist collective Quantum Security Group (QSG) has claimed responsibility for a major data breach targeting multiple government and local systems with several critical databases from the Department of Health (DOH) confirmed among the affected.
The disclosure, posted online on November 5, aligned with the Million Mask March, a symbolic day for hacktivism and digital resistance.
Preliminary verification indicates that the following DOH systems were compromised:
• pwd.doh.gov.ph – Persons with Disability (PWD) Registry and Certification System
• gidas.doh.gov.ph – Geographic Information for Disability and Health Surveillance
• itis.doh.gov.ph – Integrated Tuberculosis Information System
• mndrs.doh.gov.ph – Maternal, Neonatal, Death Reporting System
• nhfr.doh.gov.ph – National Health Facility Registry
• pidsr.doh.gov.ph – Philippine Integrated Disease Surveillance and Response
• rabies.doh.gov.ph – Rabies Case Monitoring System
• uhmistm.doh.gov.ph – Unified Health Management Information System
Based on the analysis, this incident as one of the most sensitive health-related breaches in recent Philippine history. The PWD System stands out as the most alarming, as the database stores personally identifiable information (PII) and sensitive personal information (SPI) of registered individuals with disabilities, along with medical and government identification details.
An initial forensic inspection of the leaked sample reveals highly structured CSV-style datasets consistent with government registry exports. The dataset contains over 70 columns of detailed personal, medical, and administrative information, far exceeding what would normally be required for public services.
The following key fields were identified in the exposed file structure:
Personal Identifiers:
• Full name (last, first, middle, suffix)
• Birthday, gender, civil status
• Complete address (region, province, city/municipality, barangay, house/street)
• Contact numbers (landline, mobile), email address
Government Identification Numbers:
• SSS No., GSIS No., PAG-IBIG No., PhilHealth No., PSN No., and other ID references
• Fields for “Other ID” and “Other ID No.” were populated in several records, suggesting possible cross-linking with other national registries
Health and Disability Information:
• Medical conditions such as speech/language impairment, visual disability, mental disability, psychosocial disability, cancer (RA 11215), and rare disease (RA 10747)
• Data on the cause of disability — categorized into acquired or congenital/inborn origins
• Linked medical documentation, including physician names, license numbers, medical certificate issuances, and disability certificate details
Administrative and Internal Tracking Fields:
• Officer and Encoder names
• Certificate issuance and expiration dates
• Control numbers, reporting usernames, and internal remarks fields
Beyond the DOH, QSG listed other affected domains, including:
• aims.rcc.edu.ph – Academic portal of Romblon State University
• eco.bohol.gov.ph – Bohol Provincial Government
• pampanga.gov.ph – Provincial Government of Pampanga
• prime.depedncr.com.ph – Department of Education NCR PRIME System
• t-tadac-admin.dilg.gov.ph – Department of the Interior and Local Government portal
Each domain listed serves public or administrative functions, raising concerns that other local government databases may also be compromised.
In their online statement, QSG framed the breach as an act of “digital resistance,” writing:
> “We rise not with violence, but with courage, unity, and visibility… We demand audits that cannot be ignored, investigations that cannot be stalled, and accountability that reaches every office.”
The group ended its post with the line:
> “The Fifth of November is not a date. It is a verdict. We are the verdict.”
As of publication, the Department of Health (DOH) and Department of Information and Communications Technology (DICT) have not released formal statements. Given the nature of the exposed fields, affected individuals could be at risk of identity theft, fraud, and medical record misuse.
Deep Web Konek (DWK) reiterates that it does not host or redistribute any leaked or stolen data. This report is provided solely for cybersecurity awareness and public information.
