Philippines Passport Application Site Discloses Personal Information • The Register
The Philippine Department of Foreign Affairs (DFA) has disabled its online passport application tracking tool, citing a “data privacy issue” and hinting that information may have been leaked.
“The IT unit of the DFA is currently investigating the circumstances surrounding this problem and is taking appropriate measures to secure any data that may have been exposed,” said a opinion on the DFA website. “An internal audit will also be carried out to prevent similar incidents from recurring in the future.”
The Philippines requires citizens to use the site, which was launched only a few months ago, to apply for a passport – walk-in applications are only allowed in exceptional circumstances. However, at the time of writing, the tracker returns a 404 error. Therefore, citizens have no way of knowing when or if passports will be approved and / or shipped.
According to state sponsored media, the site was dismantled to prevent the transmission of additional data. The DFA did not provide any details of the “problem” or the number of people affected, although the agency said the tracker was removed within a day of detecting the problem.
Philippine Information Service Rapper reported that privacy concerns stemmed from applicants’ personal information being “hard-coded” into the tracker program. A developer who spoke to the media was able to find people’s personal information – including emails, birthdays, and phone numbers – on the DFA website via the l33t hack tactic of … searching on Google.
The FDFA has notified requesting hotlines and email contacts.
Passport issues follow the Philippines’ introduction of an identity card, again requiring online registration, and again causing problems as the registration portal became unavailable within hours of start operations. ®