The most worrying thing about this in my opinion is that it's not surprising at all. The Philippine government and all its agencies has such an infamously bad record with infosec as well as how they build and run their sites in general. My uni days were riddled with having to deal with HTTP-only sites that used outdated frameworks and lousy account systems that practically begged to have all its passwords exposed. Back then I was filled with frustrated resolve to enter the field and work for the government so I could make some kind of difference, but as I got older I realized any work I could do would be a drop in the bucket, and for crap pay.
Even so, I am increasingly filled with concern because the pandemic has made my government clamor to "digitize more services" without a clear strategy on how to do it well. They took the quick and dirty route, resulting in ugly, insecure, UX nightmare sites that you can't even rely to work or even load half the time. And as this leak has shown, if they can't secure critical legal documents, then I don't trust them to digitize any more things.
In the information security world we use the CIA triad model which stands for Confidentiality, Integrity and Availability.
Clearly we lack the C, not sure of the I and have the A (just not in a good way.)
The spokesperson said they worried that information in the documents could affect ongoing court cases and might be used to identify witnesses or attempt to intimidate victims.
The documents mention the word “rape” 774 times, “trafficking” 135 times, and “execution,” 437 times. Terms like “terrorist” or “terrorism” also appear in numerous instances, along with other words, such as “private,” “confidential,” “password,” “witness,” and “Duterte,” referring to Philippine President Rodrigo Duterte.
Even so, I am increasingly filled with concern because the pandemic has made my government clamor to "digitize more services" without a clear strategy on how to do it well. They took the quick and dirty route, resulting in ugly, insecure, UX nightmare sites that you can't even rely to work or even load half the time. And as this leak has shown, if they can't secure critical legal documents, then I don't trust them to digitize any more things.