Cyber Incident Victim: Department of Migrant Workers

On July 1, 2024, the Department of Migrant Workers (DMW) in the Philippines announced via Facebook that its online systems had been disrupted by a ransomware attack, forcing the temporary suspension of all electronic services. The agency immediately took pre-emptive measures to isolate and secure its infrastructure by taking affected systems offline, though it confirmed no overseas Filipino worker (OFW) databases were compromised during the incident. Critical services impacted included the issuance of Overseas Employment Certificates (OECs), OFW Passes, and digital OFW information sheets—documents essential for migrant workers' employment verification and international travel. The DMW coordinated with the Department of Information and Communications Technology (DICT) to initiate system restoration efforts while collaborating with the Bureau of Immigration to minimize disruption to OFW departures through alternative verification protocols.

To maintain operational continuity, the DMW established manual processing for OECs and OFW Passes at its National Office, Regional Offices, extension sites, One-stop Shops, and Migrant Workers Assistance Centers. OFWs requiring information sheets were instructed to submit requests via email to [email protected] or through the agency’s Facebook page, with the DMW issuing QR-coded replacements electronically. The agency publicly apologized for service interruptions, emphasizing ongoing efforts to restore systems while implementing enhanced security measures to safeguard OFW data. This incident followed a 2023 ransomware attack against the Philippine Health Insurance Corporation (PhilHealth) by the Medusa group, which had demanded a $300,000 ransom that the government declined to pay. The DMW did not disclose whether ransom demands were made in this case or specify the ransomware variant involved. Service restoration timelines remained undefined as of the announcement date.