The Computer Professionals’ Union (CPU) held the National Bureau of Investigation (NBI) accountable for the massive data breach of the agency’s database containing Filipinos’ sensitive information.

The data breach exposed private information submitted by Filipinos obtaining NBI clearance. This included names, complete addresses, IDs used, clearance purpose details, payment channels and other personal data from 2016 to 2024.

NBI clearance is used for job applications, overseas travel and other legal processes. Exposed data can be used for identity theft and other crimes. The sensitive information is now posted on the dark web and is accessible to anyone.

The NBI denied that the security loophole came from agency and said it came from an unnamed private company responsible for processing applications submitted to the agency.

The CPU denounced this excuse.

“This incident underlines the NBI’s failure and negligence to secure and protect the personal information of the Filipino people,” according to the group. As with previous data breaches, the data obtained by the hacker is not even password protected. Worse, the NBI entrusted this information to a third party provider or private company that has no public accountability.

“The NBI must be held accountable…for the long term implications on the exposed personal information amid even more cases of targeted scams, fraud, identity theft and many other forms of cybercrime,” the CPU said.

The data breach at the NBI is only the latest in a series of failures by state agencies and their contracting private companies to protect sensitive citizen information.