Massive NBI Data Breach Exposes Millions of Users Records Online

The National Bureau of Investigation (NBI), the Philippines’ top investigative agency, has reportedly been compromised, exposing the sensitive data of millions of Filipinos.

A dark web user operating under the pseudonym “Zodiac Killer” has taken responsibility for the attack, claiming to have leaked extensive personal and financial records.

The breach involves a staggering 3.6 GB of data, spanning from 2016 to 2024, with over 45 million records allegedly exposed.

According to the Kukublan report, the leaked database reportedly contains full names, addresses, transaction IDs, contact information, and detailed location data of affected individuals.

Password-protected files supposedly containing highly sensitive NBI records have also been shared by the attacker.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

The Hacker and the Breach

“Zodiac Killer,” a new figure on the dark web, created their account in January 2025 and has only posted this breach.

The hacker claims the files, compressed into archives, are available via file-sharing platforms such as Mega.nz.Particularly troubling is that the breach appears to involve systems handling NBI clearance applications or financial transactions. Leaked data fields include:

• Full names
• Complete addresses (street, barangay, city, and province)
• Transaction details, including IDs, dates, and purposes
• Contact numbers and other personal identifiers

These details strongly indicate that the compromised system managed clearance issuance, background checks, or related processes.

If the breach is verified, its impacts could be far-reaching, putting millions at risk of identity theft, financial fraud, and other cybercrimes.

NBI clearance data is widely used for official purposes such as employment, travel, and legal filings, making the leaked information particularly valuable to cybercriminals.

Thus far, the NBI has remained silent, leaving the public questioning when or if an official statement or mitigation plan will be released.

This alarming incident is the latest in a string of cyberattacks targeting Philippine government institutions, underscoring persistent vulnerabilities in critical systems.

The public release of such sensitive information by “Zodiac Killer” highlights the growing sophistication of cyber threats and the urgent need for heightened cybersecurity measures.

Filipinos affected by the breach are advised to monitor their accounts for suspicious activity and consider identity protection services to mitigate potential risks.

Meanwhile, the government faces mounting pressure to address these vulnerabilities and strengthen its digital defenses to prevent future attacks.

Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar