Threat Actor Claims Release of PLLO Contact Records Containing Details of Legislators and Government Staff
A threat actor known as Klammer of Deathnote Hackers International has released what is described as a set of internal records allegedly belonging to the Presidential Legislative Liaison Office (PLLO), claiming the information was accessed with assistance from a member of NULLSEC Philippines. According to the statement posted with the release, the actor was contacted and offered access to PLLO’s system, which they used to scrape the dataset. The hacker also remarked that some of the entries appeared outdated, implying that the PLLO had not updated portions of its personnel directory.
The leaked records are structured into categorized files and reference a wide range of individuals connected to legislative and administrative government functions, including senators, congressmen, partylist representatives, chiefs of staff, legislative officers, committee personnel, cabinet offices, PLLO employees, and staff from related agencies. The dataset reportedly includes full names of lawmakers and their staff members, birth dates and birthplaces, sex and political party affiliations, congressional districts, office details such as room assignments, email addresses both official and personal, landline numbers, cellphone numbers, as well as information on staff positions including chiefs of staff and appointment secretaries with their respective contact details.
https://iili.io/K0p4I6J.png
https://iili.io/K0p6Aiu.png
Klammer announced the release in a manner framed with satirical and provocative language, encouraging the public to reach out to government officials during the holiday season and referencing frustrations surrounding the recent removal of certain pages online. The message positioned the publication as an opportunity for direct contact with elected figures and government personnel while listing the offices and sectors included in the leak.
The DWK Cybersecurity Division noted that the breach closely resembles a dataset that surfaced during the final week of September, posted by a separate actor known as SentinelX, suggesting that the new release may be a repost, recirculated leak, or a dataset derived from the same internal source. Several similarities in structure and recorded personnel details were observed, and the presence of identical outdated entries supports the possibility that this is not an entirely new breach but rather a resurfacing of previously compromised information under a different actor and narrative.
As of this publication, no formal statement has been released by the PLLO or related offices addressing the origin, authenticity, or recurrence of the dataset now circulating again under a new banner.
