The Philippines' Department of Foreign Affairs (DFA) has disabled its online passport application tracker, citing a "data privacy issue" and hinting that information could have leaked.
"The DFA's IT Unit is currently investigating the circumstances surrounding this issue and is taking appropriate measures to secure the data that may have been exposed," states a notice on the DFA website. "An internal audit will also be conducted to prevent similar incidents from happening in the future."
The Philippines requires citizens to use the site, which launched only a couple of months ago, to apply for a passport – walk-in applications are allowed only under exceptional circumstances. However, at time of writing, the tracker is returning a 404 error. Citizens therefore have no way knowing when or if passports will be approved and/or dispatched.
According to state-sponsored media, the site was taken down to prevent further data emission. The DFA has offered no detail on the "issue" nor how many people were affected, though the agency did say the tracker was taken down within one day of the problem being spotted.
Philippine news service Rapple reported the privacy issues stemmed from applicants' personal information being "hard coded" into the tracker's program. One developer who spoke to the news outlet was able to find people's personal information – including emails, birthday and contact numbers – on the DFA website via the l33t hacker tactic of … searching Google.
- Philippines approves digital services tax on streaming services, apps, even SaaS
- Facebook and Amazon take over Philippines-to-USA sub cable after China Mobile quits
- Philippines president threatens Facebook ban after The Social Network™ deleted supportive content
The DFA has notified applicants of hotlines and email contacts.
The passport problems follow the Philippines' introduction of an ID card, again requiring online registration, and again causing problems as the registration portal became unavailable within hours of operations commencing. ®