LTO data leak from old IT provider?

The Land Transportation Office (LTO) denied that the data leak, which the National Privacy Commission (NPC) is investigating, comes from the current web portal the agency is using for its Land Transportation Management System or LTMS.

The transportation agency said Atty. Romeo Vera Cruz, the concurrent executive director and data privacy officer of the LTO reported the data breach to the National Privacy Commission (NPC) on November 10, 2020.

LTO Director Asst. Secretary Edgar Galvante said the website they are currently using for the LTMS is portal.lto.gov.ph, with “.gov.ph” as the standard domain suffix the Philippines uses for all government agencies, and that the website involved in the data breach is lto.net.ph.

LTO is using two parallel systems at the moment; Stradcom (lto.net.ph), the IT company that handled the data of the LTO in the past and operating on a monthly basis because of an expired contract, and a new IT service provider operating the LTMS at portal.lto.gov.ph. LTO has yet to clarify why Stradcom is still in operation and why they are allowed to be in the official website of the LTO. The Stradcom domain is the one connected to the current data breach.

LTO has assured the NPC that they will cooperate with the investigation and plug the data leak immediately. The LTMS site, portal.lto.gov.ph, is secure and will have no issues when it comes to user privacy, Galvante said.

Latest posts