November 20, 2023

Notification to Data Subjects Regarding Possible Personal Data Breach

Dear Magsaysay Global Services Community Member:

We are writing to inform you that Magsaysay Global Services, Inc. (MGSI) files containing personal data may have been unlawfully acquired by unauthorized persons in the course of a cybersecurity incident. Although we have yet to confirm which specific files, if any, were actually taken unlawfully, we are informing you about this incident so that you can take steps to protect yourself from the risks that may arise if any of your personal data was indeed acquired by unauthorized persons.

A summary of this security incident is set out below.



Nature of Breach

On November 17, 2023, some of our affiliates reported a potential data breach in connection with a note apparently left by a hacker on one of our network servers stating that the network had been “penetrated” and that approximately one terabyte of data, including an “MMIS database dump”, had been downloaded as a result. Although MGSI was not specifically named in the note, MGSI is a former user of the MMIS database, and we acknowledge the possibility that some workers’ personal data that we used to store in the MMIS database may have been included in the attack.

Based on the information available to us at this time, we believe (but have not definitively confirmed) that this unlawful intrusion into our system was perpetrated by the Monti ransomware group, which portrays its activities as a form of “ethical hacking, exposing vulnerabilities in corporate networks.” Online resources indicate that victims who do not give in to Monti’s ransom demands will be publicly listed on its data leak site’s “Wall of Shame.”

A forensic investigation is now underway to confirm the allegations in the note and to determine the extent and cause of this purported data breach.


Personal Data Possibly Involved

We have yet to determine which of our files, if any, were actually taken by the perpetrator. However, since some of our files contain personal data provided by you, it is possible that some or all of the personal information below may have been acquired by the perpetrator:

  • Full name
  • Birthdate
  • Age
  • Address
  • Contact Number
  • Email Address
  • TIN
  • SSS
  • PHILHEALTH
  • HDMF
  • Civil Status
  • Gender
  • Religion
  • Height
  • Weight
  • Blood Type
  • Nationality
  • Educational History
  • Bank Account Details
  • Fleet
  • Principal
  • Vessel
  • Position
  • Embarkation / Disembarkation Details
  • Passport Details
  • Seaman's Book Details
  • Certificates and Licenses
  • Visa Details

Measures to Address the Potential Breach and Mitigate Possible Harm or Negative Consequences

We have taken the following measures to address this potential data breach and mitigate the possible harm or negative consequences that may arise from it:

  • Performed network and server reviews for unusual events, traffic abnormalities, or unauthorized access
  • Reset and updated passwords of all users with administrator-level access
  • Reviewed server integrity, accessibility, and traces of unauthorized access or data alteration
  • Continuous endpoint protection monitoring of all systems to verify threats
  • Re-engaged partner information security vendor
  • Coordination with relevant government agencies
  • Deployed containment and isolation protocols
  • Review of Legacy Operating Systems
  • Disabling of remote access functions
  • Disabled vendor access to the network
  • Analysis and forensics work 
  • Assets inventory and security logs review
  • Vulnerability assessment
  • Re-application, re-updating, and renewal of security certificates
  • Informing all data subjects regarding the possible personal data breach so they can take steps to protect themselves from potential negative consequences

When incidents like this occur, it is generally advisable to monitor your accounts and subscriptions, especially those where your personal details enumerated above could be used to verify your identity or crack your passwords. In addition, we recommend the following:

  • Do not click suspicious emails and/or links from unverified sources.
  • Regularly change your account passwords
  • Use strong passwords and use two-factor or multi-factor authentication on all your accounts 
  • Install and update your anti-virus security software
  • Avoid using the same password on different accounts
  • Avoid providing any information to suspected scammers asking for your personal data

Should you need assistance or further information about this matter, please feel free to reach out to MGSI’s Data Protection Officer:

Patrick H. Maxwell
President / Data Protection Officer
7TH FLOOR TIMES PLAZA BUILDING, U.N. AVENUE CORNER TAFT AVENUE, ERMITA, MANILA, 1000 PHILIPPINES
mgsi-dpo@magsaysay.com.ph

Magsaysay Global Services Inc. takes your privacy and security very seriously because we care about you and your family. In cooperation with leading government agency experts on cybersecurity matters, our in-house IT Security Team, and external Information Security partners, we are committed to seeing this through.


For us, everything matters.
Thank you for the continued confidence and trust.

Sincerely,
MAGSAYSAY GLOBAL SERVICES INC.