DOTr HRIS System Compromised, Threat Actor Exposes Government Weaknesses
Key Takeaways:
• DOTr’s HRIS system has been breached, with employee records and credentials leaked.
• Hackers openly defaced the system and criticized the government’s cybersecurity policies.
• A direct warning was sent to Deep Web Konek, urging exposure before a potential cover-up.
• No government response has been issued so far, raising concerns over national cyber defense capabilities.
https://iili.io/3z2rkdP.png
MANILA, PHILIPPINES — A cybersecurity breach has been reported in the Philippines, targeting the Department of Transportation’s (DOTr) Human Resource Information System (HRIS). The breach, allegedly carried out by a hacker using the alias LuxurySp1d3r (G1D30N), was first disclosed on a well-known cybercrime marketplace, where the attacker claimed full control over the DOTr HRIS database.
https://iili.io/3z2rOrB.png
Breach Details
1. Threat Actor’s Message
In a defacement post, LuxurySp1d3r (G1D30N) shared details of the attack, calling out the new DICT Secretary, Henry Rhoel Aguda, and the Philippine government for their alleged negligence in appointing inexperienced personnel to oversee national cybersecurity. The threat actor or actors questioned the competency of leadership in protecting critical infrastructure, insinuating that other government agencies may also be vulnerable.
A direct excerpt from the hacker’s message reads:
“Your entire HRIS system is in our hands. If you see this defacement, know that this is only the surface of what we control. We own your systems, your data, and your vulnerabilities.”
The threat actor further challenged Malacañang, implying that appointing a former banking executive to oversee DICT was a critical mistake, as banking security does not necessarily translate to government cybersecurity expertise.
2. Leaked Database (HRIS Records)
https://iili.io/3z2P4Lb.jpg
The breach also includes a leaked SQL database named "users.sql", which contains:
1. Government Employee Credentials – Emails, usernames, and hashed passwords of DOTr personnel.
2. Potentially Sensitive HR Data – The database suggests that personal records may also be compromised.
A few minutes later, a threat actor using the alias G1D30N also reached out directly to Deep Web Konek about the breach.
The email includes a link to the compromised HRIS system (DOTR-HRIS has been down since last night after being alerted), suggesting that the system may have been defaced or fully controlled by the attackers.
Government Response (Or Lack Thereof?)
At the time of writing, there has been no official statement from DOTr, DICT, or Malacañang regarding the breach. It remains unclear whether the government is even aware of the full extent of the attack.
Disclaimer
This report is based on publicly available information, leaked data, and hacker statements. Deep Web Konek does not endorse, support, or participate in any illegal activity. The purpose of this report is to inform the public about potential cybersecurity threats and to urge authorities to take necessary action. Readers are encouraged to verify information with official sources and to prioritize cybersecurity best practices to protect personal and government data.