The Philippine Charity Sweepstakes Office (PCSO) and the Department of Information and Communications Technology (DICT) have launched an urgent investigation into alarming claims of a massive data breach that allegedly exposed the personal information of thousands of lotto winners.
DICT Confirms Investigation Into Alleged Hacking
DICT Undersecretary Jeffrey Ian Dy confirmed on Friday morning that the agency was informed about the breach two days ago and has since been working closely with PCSO to verify the claims and assess the potential risks.
“We are aware of that for two days now. We are investigating and coordinating with the Philippine Charity Sweepstakes Office,” Dy stated in a message.
Hackers Claim Thousands of Winners’ Details Exposed
The controversy erupted after the Facebook page “Philippines Exodus Security” made a shocking post on Wednesday, alleging that sensitive personal data belonging to lotto winners from 2016 to 2025 had been compromised. According to the hackers, the exposed information includes:
- Full names
- Addresses
- Phone numbers
- Identification details
- Winning numbers
The post also contained bold claims about the alleged weak security of PCSO’s systems.
“Looks like the Philippine Charity Sweepstakes Office never bothered to change their weak-ass password. What a Pathetic. Their mailbox was child’s play—compromised over 5 accounts without breaking a sweat,” the group wrote.
They further alleged, “Now sitting on thousands of lotto winners’ profiles from 2016 to 2025. Details they thought were safe: names, addresses, phone numbers, IDs, and even winning numbers. All of it. Private info they never wanted public.”
Who Is Behind the Alleged Breach?
According to its Facebook page, Philippines Exodus Security describes itself as a “red teamer based in the Philippines.” A red teamer is typically a cybersecurity expert who tests the security of organizations by launching simulated cyberattacks to expose vulnerabilities. However, in this case, the group appears to be revealing what they claim to be real, stolen data.
Authorities, including PCSO and the Philippine National Police – Anti-Cybercrime Group (PNP-ACG), have been contacted for official statements regarding the matter. However, as of this report’s publication, neither agency has provided a formal response.
PCSO Denies Hacking Claims, Says Systems Are Secure
PCSO General Manager Mel Robles strongly denied the hacking allegations, asserting that all PCSO systems and websites remain intact and secure.
“I have just checked, at the moment, none of our websites are compromised, breached, or hacked, as we speak now,” Robles said.
PCSO Questions Credibility of Hacker Claims
Robles also cast doubt on the credibility of the allegations, arguing that no solid evidence has been provided to support the hacking claims.
“It’s a claim. I cannot validate what they’re saying. I don’t know what they have. How do you prove the negative? For us, it’s not. We don’t see that. So until we see that, then we can say something about it,” he added.
Hackers May Have Targeted Promotional Data Instead
To further clarify, Robles stated that the information leaked by the hackers appears to belong to participants of a PCSO promotional event held in a Cagayan branch in 2022, rather than actual lotto winners.
While investigations are ongoing, the alleged breach has raised serious concerns about the security of sensitive personal data. If proven true, this could be one of the biggest data breaches in Philippine history, putting thousands of individuals at risk of fraud and identity theft.