Hacktivist Group, Happy Go Lucky PH Claims Breach of DILG Intranet
A hacktivist group calling itself #HappyGoLuckyPH has claimed responsibility for infiltrating the internal network of the Department of the Interior and Local Government (DILG), alleging that they successfully extracted around 400 gigabytes of internal government data. The group released files and screenshots to support their claim, including an image showing access to a DILG SQL interface. An initial review of the screenshot indicates that the group gained access to a production database used for Gender and Development (GAD) document management, containing over 113,000 records. These records include internal reports, government templates, LGU submissions, budget-related documents, PDF and Word file uploads, and other administrative files with corresponding hash values, file extensions, and remarks. The structure and volume of these entries appear consistent with an active government repository, not test or placeholder data.
https://iili.io/fFuKV4f.png
https://iili.io/fFuKX24.png
https://iili.io/fFuKMEG.png
Another screenshot displayed a download manager actively retrieving several large SQL dump files from within the DILG intranet. While the filenames were not fully shown, the labels suggest that the dumps correspond to major DILG systems involving local government data, planning and performance information, profiles of elected local officials, barangay-level reporting systems, finance and budget structures, and other monitoring platforms used across LGUs. The source domain visible in the screenshot, dilg.gov.ph, further indicates that the data originated directly from government servers.
In a statement, #HappyGoLuckyPH claimed that they spent several days moving laterally inside the network before extracting the data. They said the information they took includes national and local budget data, local government unit databases, the Elected Local Officials Database, Local Development Planning Profiles, the Local Officials Case Monitoring System, and data from both the Barangay Full Disclosure Policy Portal and the Barangay Information System. The group described the incident as an act of hacktivism rather than cybercrime for profit, stating that they do not sell or trade any stolen information. According to their message, their actions were intended to call attention to corruption, which they claim continues to harm Filipino communities. They added that government officials who cannot properly serve the public should be held accountable.
HappyGoLuckyPH further alleged that the DILG took down several servers, including its main website, last Friday, possibly after detecting unusual activity. Some DILG services did experience interruption in recent days, though the agency has not confirmed whether this downtime was related to a security incident. Based on the available screenshots, directory structures, and the nature of the SQL environment shown, the data samples appear consistent with authentic internal material, although full verification will require confirmation from the DILG.
As of this writing, the DILG has not issued an official statement addressing the breach or confirming whether its systems were compromised.
