GMA Brandtalk
Tracking
Archives
Lotto winners’ info hacked? DICT probing report on alleged data breach
The Department of Information and Communications Technology (DICT) is now investigating a report on an alleged breach of the data of lotto winners.
On Friday morning, DICT Undersecretary Jeffrey Ian Dy said the department learned about the report two days ago.
“We are aware of that for two days now. We are investigating and coordinating with the Philippine Charity Sweepstakes Office (PCSO),” Dy told GMA Online in a message.
PCSO general manager Mel Robles dismissed claims of the alleged data breach, saying the systems and sites of the government-owned and controlled corporation are secured.
“I have just checked, at the moment, none of our websites are compromised, breached, or hacked, as we speak now,” Robles told GMA Integrated News.
“It's a claim. I cannot validate what they're saying. I don’t know what they have. How do you prove the negative? For us, it's not. We don't see that. So until we see that, then we can say something about it,” he added.
The Facebook page Philippines Exodus Security claimed that thousands of lotto winners’ profiles from 2016 to 2025 have been compromised including names, addresses, phone numbers, IDs, and winning numbers.
“Looks like the Philippine Charity Sweepstakes Office never bothered to change their weak-ass password. What a Pathetic. Their mailbox was child's play—compromised over 5 accounts without breaking a sweat,” it claimed in a post Wednesday.
“Now sitting on thousands of lotto winners’ profiles from 2016 to 2025. Details they thought were safe: names, addresses, phone numbers, IDs, and even winning numbers. All of it. Private info they never wanted public,” it added.
According to Robles, however, the information published by the hackers belong to the recipients of a promo of a branch in Cagayan in 2022 and not of lotto winners.
GMA News Online has also reached out to the Philippine National Police - Anti-Cybercrime Group about the matter but they have yet to provide a statement as of this story’s posting.
Based on its Facebook page information, Philippines Exodus Security describes itself as a “red teamer based in the Philippines.” A red teamer aims to improve IT security frameworks of organizations by launching physical or digital attacks on their systems.
Dy said the data posted by the group were historical information. According to him, this data possibly came from a personal account or email and not from the PCSO’s system.
“The data and the artifacts seems to be from very, very, at least the ones we got from the internet, seems to be old data rin naman. So it is possible that what they got are historical information, not necessarily systems,” he told Super Radyo dzBB.
“It's not really a system. It's really a particular person's account. It could be a personal email of an employee or maybe someone with access with some information, not necessarily all the information,” he added.
(NOTE: This article has been updated to reflect the detail that it was only the Department of Information and Communications, and not the Philippine Charity Sweepstakes Office, which said the alleged hacking of lotto winners' data was being investigated.)
—RF, GMA Integrated News
