Philippines’s passport application site leaks personal info • The Register

The Philippines’ Department of Foreign Affairs (DFA) has disabled its online passport application tracker, citing a “data privacy issue” and hinting that information could have leaked.

“The DFA’s IT Unit is currently investigating the circumstances surrounding this issue and is taking appropriate measures to secure the data that may have been exposed,” states a notice on the DFA website. “An internal audit will also be conducted to prevent similar incidents from happening in the future.”

The Philippines requires citizens to use the site, which launched only a couple of months ago, to apply for a passport – walk-in applications are allowed only under exceptional circumstances. However, at time of writing, the tracker is returning a 404 error. Citizens therefore have no way knowing when or if passports will be approved and/or dispatched.

According to state-sponsored media, the site was taken down to prevent further data emission. The DFA has offered no detail on the “issue” nor how many people were affected, though the agency did say the tracker was taken down within one day of the problem being spotted.

Philippine news service Rapple reported the privacy issues stemmed from applicants’ personal information being “hard coded” into the tracker’s program. One developer who spoke to the news outlet was able to find people’s personal information – including emails, birthday and contact numbers – on the DFA website via the l33t hacker tactic of … searching Google.

The DFA has notified applicants of hotlines and email contacts.

The passport problems follow the Philippines’ introduction of an ID card, again requiring online registration, and again causing problems as the registration portal became unavailable within hours of operations commencing. ®

Source link