There was no data breach in Cagayan de Oro City’s contact tracing system, Higala App, after it was hacked, officials and program developers assured.
The primary website of the Higala App encountered a defacement attack but hackers altered only the front-end portal, or the graphic user interface, implying that the attack was surface-level, the developer said in a statement.
“The primary website is hosted by a third-party provider while the database server is hosted by the City Government of Cagayan de Oro, where the data of the Higala App is stored. The secondary site which is hosted by the City Government is available for Higala App transactions. This has been the set-up since the deployment of the app,” it said.
The Higala App is the portal where users register in order to get a Quick Response code, a requirement by the city government when entering commercial establishments as part of the contact tracing scheme related to the COVID-19 pandemic.
During an online briefer, Mayor Oscar Moreno said there is no confidential data stored in the app that can be used by anyone or any group hacking into it.
“There are safeguards to prevent a breach.”
Moreno assured there are safeguards to prevent a breach.
“There are erroneous claims that a person’s bank account may be hacked (through the Higala App) but other than the basic data, there are no confidential data on the app such as bank account numbers. Even for the sake of discussion, if it was hacked, there are safeguards in place to prevent hackers (from accessing the whole system),” he stressed.
“The City Hall’s Higala app team quickly acted on the incident.”
City Information Officer Maricel Rivera said the City Hall’s Higala app team quickly acted on the incident, although a glitch in the system is also possible.
The Higala app, launched in August last year, is used primarily as a contact tracing and health declaration form tool by public offices, commercial establishments, and businesses.