DPWH PELITA System Breached; Nearly 72,000 Employee Images and 1.9 Million Lines Exposed in Major Data Leak
A data breach has struck the Department of Public Works and Highways (DPWH) after a threat actor known as Klammer publicly released internal files allegedly extracted from the agency’s Personnel Electronic Log for Integrated Time and Attendance (PELITA) system. The leaked dataset includes 71,923 employee verification photos, along with CSV and JSON files containing more than 1.9 million lines of data, amounting to approximately 6.2 gigabytes in size. Screenshots posted by the threat actor show extensive directories of timestamped images, structured metadata, and employee folders that appear to span several years of attendance logs.
Based on initial review, the exposed materials contain sensitive information such as names, employee IDs, office assignments, timestamp entries, and validation indicators corresponding to daily time-in and time-out activities. The CSV files include detailed line-by-line data fields, some of which reflect repeated entries for individual employees across different dates. Personnel from several DPWH divisions appear in the dataset, particularly those associated with the Public-Private Partnership Service and other regional or central offices. With tens of thousands of unique biometric-style images and extensive log files now publicly accessible.
https://iili.io/ffQdS7S.png
https://iili.io/ffQdUk7.png
https://iili.io/ffQd822.png
In the message accompanying the release, the threat actor framed the breach as a reaction to ongoing public frustrations regarding governance and perceived gaps in accountability within infrastructure-related institutions. The statement referenced President Ferdinand Marcos Jr.’s announcement on November 21 about warrants issued in relation to a flood-control corruption case. According to Klammer, some members of the public view such actions as limited in scope, asserting that they target lesser individuals rather than addressing deeper systemic issues. They argued that the public continues to demand more comprehensive accountability from agencies responsible for major infrastructure operations and disaster-related programs.
Klammer’s message emphasized skepticism toward what they described as “surface-level enforcement,” urging citizens not to forget past calamities or recurring failures in disaster response that have shaped public perception of institutional shortcomings. The threat actor stated that many Filipinos remain wary of efforts that appear to divert attention from longstanding problems, stressing the need for vigilance and sustained public pressure to ensure genuine reforms. Their statement, though critical, reflects broader public sentiments calling for stronger oversight and transparency in agencies whose actions directly affect national infrastructure and public welfare.
The breach itself highlights serious cybersecurity vulnerabilities within the PELITA platform. The system, designed to use facial verification images as part of daily attendance monitoring, appears to have been compromised at a depth that allowed full extraction of raw image files, folder structures, and database-like logs.
As of this writing, the DPWH has not issued a public statement regarding the breach. It remains unclear whether the incident was caused by external intrusion, insider access, or system misconfiguration. Regardless of the attack vector, the scale and sensitivity of the leak rank it among the most consequential government data exposures in recent years, particularly given the nature of the data involving facial images tied to employee attendance.
