Cyber Incident Victim: Bureau of Customs

Date: Apr 2024

Location: Philippines

Summary

The Bureau of Customs experienced a cyberattack involving unauthorized access to its external cloud-based applications through compromised user credentials, potentially exposing personal and corporate information including names, email addresses, company details, contact information, and tax identification numbers. The agency initiated immediate containment protocols by locking affected accounts and servers, collaborated with the Department of Information and Communications Technology and the Cybercrime Investigation and Coordinating Center to investigate and enhance security measures, and advised the public to change passwords and monitor for suspicious account activity while assessing the full scope of the breach.

Description

On April 7, 2024, the Bureau of Customs (BoC) detected a cybersecurity incident involving unauthorized access to its external cloud-based online applications. The breach occurred over the preceding weekend and was executed using compromised user login credentials. Upon discovery, the BoC immediately activated security protocols to contain the intrusion, including locking all affected accounts and servers. Initial investigations revealed that attackers potentially accessed sensitive user information, including names, email addresses, company names, contact details, and tax identification numbers (TINs). The agency promptly reported the incident to the Department of Information and Communications Technology (DICT) and the Cybercrime Investigation and Coordinating Center (CICC), requesting their expertise to assist in the forensic investigation and mitigation efforts. The BoC’s IT team concurrently worked to strengthen existing security measures and prevent further exploitation of systems.

The BoC publicly disclosed the breach on April 7 through an advisory, confirming it was assessing the full scope of compromised data and systems. While the exact number of affected individuals or entities remained undetermined at the time of reporting, the agency urged the transacting public to change passwords for their accounts and monitor for suspicious activity. It established a dedicated support channel ([email protected]) for incident-related inquiries and emphasized collaboration with the DICT to contain the attack and limit data exfiltration. No operational disruptions to core customs processes were reported, but the incident highlighted vulnerabilities in external-facing cloud applications reliant on credential-based authentication. The BoC committed to ongoing coordination with cybersecurity authorities to refine its defenses and complete the investigation into the breach’s origins and impacts.
