Public Safety Mutual Benefit Fund Hit by Ransomware Group ‘RansomHouse’; Internal Files Allegedly Leaked
The Public Safety Mutual Benefit Fund, Inc. (PSMBFI), a major non-stock, non-profit organization that provides insurance and financial services to members of the Philippine public safety sector, has reportedly fallen victim to a ransomware attack carried out by the ransomware group, RansomHouse.
https://iili.io/KpaSpEb.png
According to a post published on the group’s official dark web leak site on November 11, 2025, RansomHouse claimed responsibility for encrypting and exfiltrating data from PSMBFI’s systems earlier this month. The listing, titled “Public Safety Mutual Benefit Fund”, identifies the organization as a “disclosed” victim, with the encryption date marked as November 4, 2025.
The post includes details about the organization, its estimated annual revenue of $16.7 million, and 303 employees, alongside a stern message directed at management urging them to resolve the issue to avoid further exposure of confidential data.
> “Dear management, the Public Safety Mutual Benefit Fund. We are sure that you are not interested in your confidential data to be leaked or sold to a third party. We highly advise you to start resolving that situation,” the group’s statement reads.
A directory screenshot accompanying the leak shows dozens of internal documents, with filenames suggesting sensitive operational and administrative content. Among the visible files are:
• Inventory Reports (2023–2024)
• Financial and Tax Records
• Disposal Policies and Memos
• Vehicle Permits and Certificates of Registration
• Employee-related documents and HR memos
• Audit and accounting files
• Bid slips and project certifications
The file timestamps indicate the data was likely exfiltrated around November 6, 2025, with many documents carrying sensitive financial and personnel information.
An internal report obtained reveals that the breach may have compromised multiple internal assets and departmental file servers. The leaked archive structure appears to represent different organizational departments within PSMBFI, including:
ACC – Accounting Department
ADM – Administrative Department
AMD – Accounts Management Department
AUD – Audit Department
HRD – Human Resource Department
INS – Insurance Department
INV – Investment Department
ITD – Information Technology Department
MKT – Marketing Department
MSD – Membership Services Department
TRS – Treasury Department
The report also lists evidence of separate server directories labeled which may correspond to internal projects or database servers used by the organization.
At this stage, it remains unclear how much data was exfiltrated or whether RansomHouse obtained sensitive personal information from PSMBFI’s members — who include personnel from police, fire, jail, and other uniformed services.
While RansomHouse’s leak site mentions that files were “encrypted” and “disclosed,” it also indicates that the data pack is available for download without a password, suggesting that the group has fully published at least part of the stolen information online.
Such exposure could potentially endanger sensitive employee and member information, as well as internal operational data like contracts, project bids, and insurance claims.
The Public Safety Mutual Benefit Fund, Inc. (PSMBFI) has long served as a mutual benefit fund association offering insurance, loans, and financial assistance to personnel of public safety agencies in the Philippines, including both uniformed and civilian practitioners. The organization is known for handling large-scale insurance programs for police and other security personnel.
Its official website, https://www.psmbfi.com.ph/, remained accessible as of this report, with no official statement yet released regarding the incident.
As of this writing, neither PSMBFI nor any government cybersecurity agencies such as the National Privacy Commission (NPC) or DICT’s National Computer Emergency Response Team (NCERT-PH) have publicly confirmed or commented on the breach.
Given the organization’s ties to national public safety agencies, we warn that the breach may have broader implications for data privacy and operational security among uniformed personnel.
