Bangsamoro Social Services Ministry Suffers Data Breach
February 27, 2025 – A data breach has exposed the personal information of beneficiaries from the Ministry of Social Services and Development (MSSD) of the Bangsamoro Autonomous Region in Muslim Mindanao (BARMM), Philippines. The compromised database was leaked on a hacking forum by a user known as "Xploit3R," potentially putting thousands of individuals at risk.
https://iili.io/3da5vJp.jpg
The breach was revealed in an online forum on February 26, 2025, at 11:16 AM. The leaked database includes detailed personal records of MSSD beneficiaries, containing the following information:
A. Identification details – ID numbers, full names (first, middle, and last names)
B. Location data – Province, city/municipality, and barangay
C. Tribal affiliation – Ethnic or indigenous group classification
D. Case management details – Status of social welfare assistance and assigned program
A sample dataset displayed records of multiple beneficiaries, revealing personal details such as marital status, disabilities, and financial assistance received.
The forum member named "Xploit3R," shared the leaked database and provided a downloadable link on a file-sharing site frequently used in data leaks. The post was titled with the ministry's official website, hinting at a direct compromise of its beneficiary information system.
The hacker’s account shows a membership date of May 2024, with multiple breach-related posts. The database was reportedly extracted from mssd-is.bangsamoro.gov.ph, suggesting that the ministry’s internal system may have been infiltrated.
The breach poses a threat to affected individuals, many of whom belong to marginalized communities, persons with disabilities, and financially disadvantaged groups. With their personal data now accessible online, they could become targets of scams, identity fraud, or other malicious activities.
The exposure of such information also highlights the ongoing cybersecurity vulnerabilities within government agencies. The incident raises concerns over data protection measures and the growing trend of cyberattacks targeting sensitive government records.
Deep Web Konek has notified the DICT to prompt an official response to the breach.
