The National Intelligence Coordinating Agency (NICA) has uncovered 234 data breaches in “high-level” government agencies in 2025.
NICA Deputy Director General Ashley Acedillo thus disclosed during the Senate hearing on the submersible drones and alleged Chinese espionage activities in the Philippines.
Acedillo did not mention the names of the government agencies whose data were breached.
“Very recent lang po ito. Hindi na lang po natin papangalanan ‘yung ahensya kasi mataas po ang ahensya na ito. It’s high level,” Acedillo said.
(These are recent. We won't name these agencies because they are top-level agencies. It's high-level.)
Apart from this, 32 agencies' sensitive information was exposed on the dark web, and 91 credentials, which he explained to be “basically passwords,” were compromised.
In his presentation, Acedillo showed there were 266 digital assets associated with government agencies that require comprehensive security measures to protect against cyberattacks.
Acedillo said NICA immediately informed the government agencies affected by the breach incidents once they were detected.
However, he said the agencies could only respond to these attacks depending on their cyber capabilities.
“‘Yung iba, hindi pa po matured ‘yung kanilang cybersecurity operations. Medyo kulang po ‘yung kanilang magiging aksyon,” the NICA official said.
(Some have cybersecurity measures that have yet to mature. Their actions were not enough.)
Acedillo explained that as soon as the attackers have established an initial breach, the data is gathered and transferred to the command and control server.
This server, he said, is usually in the state that launched the cyber espionage.
“Pwede na po nila diktahan po, kung ano man yung napasok nila pwede na nilang utusan ‘yung kanilang malware na napasok para mag-lateral movement at magkaroon ng actions on target,” Acedillo said.
“‘Di na nga po nila kailangan pakialaman ‘yung datos, i-deny lang nila ng access ‘yung mga ahensya, malaking disruption na po yun sa day to day operations ng mga ahensya natin,” he added.
Asked if these attacks were continuing, Acedillo said, “We’d like to believe that this is still continuing.”
Apart from the reported breaches this year, Acedillo disclosed China’s cyber operations from April 2024 to January 2025.
In his report, there are 79 Chinese-related cyber activities against government agencies such as AMLC, BARMM, BIR, CSC, CHR, DA, DFA, DICT, DILG, DBM, DOJ, DOST, DPWH, NIA, NAMRIA, and NTC.
Ten were recorded against DICT, DOST, TIEZA, and other local government units.
Several private companies were also subjected to Chinese cyber operations, including those against Globe Telecommunications, Primeworld Digital, and New San Jose Builders, among others.
Educational institutions were also not exempt from cyberattacks, as NICA reported operations against Enderun Colleges, the University of the Philippines at Los Baños, and Davao del Norte State College.
In the same hearing, Accedillo highlighted the need for the government to continue efforts to strengthen its cybersecurity, considering that new malware is continuously being developed.
Acedillo also proposed a focal government agency for cybersecurity amid these reported breaches, as it is currently non-existent.
Senator Francis Tolentino, who presided over the hearing, also asked the NICA official about the possibility of government employees working for the Chinese hackers.
“Not just a possibility, Mr. Chair. In fact, ‘yun nga po yung preferred mode of compromising any organization. Ang tinatawag po insider threat,” Acedillo answered.
“Mas madali po para sa kahit anong cyberthreat actor na i-co-opt po yung isang nandon na sa loob, uutusan lang siya na magsaksak ng halimabawa ng isang USB, uutusan po siya na magkarga po ng isang type of malware, mas madali po yan and in fact, mas epektibo po yan,” he added.
Acedillo cited as an example of this possibility is the 2016 Bangladesh Central Bank heist, wherein malware was used for the robbery.
To prevent this possibility, Acedillo said that there are measures in place through Executive Order 608, which established a national security clearance system for government personnel with access to classified matters, and Memorandum Circular 78, which promulgated rules governing the security of classified matters in government.
However, the NICA official said these did not fully guarantee” the security of this information because they did not apply to all government agencies.
He then reminded the government agencies to ensure that all personnel who have access to sensitive systems and information should go through the security clearance system of the National Security Council and the NICA. –NB, GMA Integrated News
