MANILA — The Manila Bulletin data security officer alias "Kangkong" admitted that he was able to hack the website and system of Belo Medical Group. 

• Newspaper's data security officer says he hacked 93 websites

Included in the cyber breach were clients’ names from 2015 to 2023 -- among them celebrities and other personalities. 

Apart from the client list, their addresses, age, contact numbers, bank accounts, birthdays, payments, credit card/bank account numbers, email addresses were included in the alleged breach. 

In the controlled viewing of the data retrieved by the NBI from Kangkong, it showed that he had access to the server of Belo Medical Group, which is being used by all their branches. 

• IT officer arrested for allegedly hacking gov’t, bank websites

It included patient procedures, doctors’ names, appointments, schedules, among others.

In a statement, Belo Medical Group said they are supporting, and will cooperate, in investigations on data breaches. 

They emphasized that they are fully compliant with data privacy policies, and that they aim to strengthen data security and protection.

'OUT OF CURIOUSITY' 

Kangkong insisted that he did not sell the database of Belo Medical Group. 

He added that he did it out of curiosity, and it was the last website he hacked last year before he quit hacking and focused on his job in the Manila Bulletin. 

According to National Privacy Commissioner John Henry Naga, they are now investigating the alleged data breach. 

He explained that companies are obligated to inform the NPC and their clients within 72 hours once a data breach happens. 

Naga said they are also coordinating with the NBI Cybercrime Division regarding the allegation of Kangkong that he hacked 93 websites, including resorts, job recruitment sites, a make-up brand, spas, and other businesses. 

RELATED VIDEO