PNP: Passport data breach a threat to identity, national security

enablePagination: false
maxItemsPerPage: 10
maxPaginationLinks: 10

Metro Manila (CNN Philippines, January 14) — The heads of police and defense department have expressed security concerns over the massive passport data breach at the Department of Foreign Affairs.

Philippine National Police Chief Director General Oscar Albayalde on Monday said the passport mess is not only a concern for all Filipinos with passports, it also poses a threat to the country's security.

"(It is) not only a threat to national security, but a threat to our identities," he said in a media briefing on Monday.

Defense Secretary Delfin Lorenzana has also raised alarm on the passport mess, considering personal data of Filipinos are exposed.

"These are personal information such as full name, date and place of birth, and other information that could be used illegally. We will get in touch with the DFA to find out the details of this issue and how to mitigate its ill effect," he said in a statement on Sunday.

Foreign Affairs Secretary Teodoro "Teddy Boy" Locsin Jr on Saturday bared that a disgruntled passport maker took away the government data when its contract was terminated. The department required those renewing their passports to submit a copy of their birth certificate.

The birth certificate contains sensitive information such as full name, birthday, address, occupation, and parents' full name.

Locsin on Monday denied there was a data breach. He said an unnamed "irate Frenchmen" are withholding the data, making it inaccessible to DFA.

"Because it was not a breach but a withholding of the data by irate Frenchmen which data now stored in Lipa or in ASEANA (story keeps changing) but at any rate inaccessible," he posted on his personal Twitter account.

Former Foreign Affairs Chief Perfecto Yasay Jr. however said Locsin was misinformed on the issue. He told CNN Philippines that Francois Charles Oberthur Fiduciaire, the French company tasked to produce the passports, is not in possession of the data.

He claimed the current contractor in charge of passport printing, United Graphic Expression Corporation (UGEC), has the information. He said UEGC has not yet turned over the "rights" to print the passports.

"How can Oberthur Technologies, which was the previous awardee of the contract, run away with the data when the data was owned by the DFA?  The data is there. The data continues to be in possession of the DFA if they want to," he said on Sunday.

Yasay added, "UGEC to my mind, upon reason and belief, has not turned that over and I do not believe can be held accountable for it."

Yasay said the DFA in October 2015 entered into a deal with APO Production Unit Incorporated (APUI), a company under the Presidential Communications Office, to produce a new e-passport system, The condition was that APUI would not subcontract to any company. He said APUI violated its agreement with the DFA when it tapped UGEC as its subcontractor to produce the new e-passports.

The former chief said he found the contract between DFA and APUI "grossly disadvantageous" when he reviewed it before assuming office. However, he did not cancel it immediately because it would worsen the delays in the issuance of passports.

The National Privacy Commission (NPC) is set to investigate how broad the data breach is. The PNP and Defense Department also said they are willing to help with the probe. Senators Risa Hontiveros and Antonio Trillanes IV have filed separate resolutions seeking a Senate inquiry on the issue.