THE Philippine Charity Sweepstakes Office (PCSO) and the Department of Information and Communication Technology (DICT) are investigating reports of a data breach affecting lotto winners.
DICT Undersecretary Jeffrey Ian Dy confirmed that the agency became aware of the alleged breach within the past two days. A Facebook page, Philippine Exodus Security, posted on Wednesday claiming that thousands of lotto winners’ profiles from 2016 to 2025 had been compromised, including names, addresses, phone numbers, IDs, and winning numbers.
The Facebook page, which describes itself as a “red teamer based in the Philippines,” alleged that the PCSO’s security was weak, stating, “Looks like the Philippine Charity Sweepstakes Office never bothered to change their weak-ass password. What a Pathetic. Their mailbox was child’s play—compromised over 5 accounts without breaking a sweat.” Red teamers conduct simulated attacks on organizations to improve their IT security frameworks.
PCSO General Manager Mel Robles has denied the incident, stating that the government-owned and controlled corporation’s systems and sites are secure. He asserted that none of their websites have been compromised, breached, or hacked. Robles further clarified that the information published by the alleged hackers belonged to recipients of a promotional campaign by a branch in Cagayan in 2022, not actual lotto winners.
