Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Department of Information and Communications Technology

Department of Information and Communications Technology Vendor Cyber Rating & Cyber Score

dict.gov.ph
in
Add Your Compliance Badge
ISO 27001
SOC 2 Type 1
SOC 2 Type 2
PCI DSS
HIPAA
GDPR

The Department of Information and Communications Technology is mandated by Republic Act (RA) 10844 or the DICT Act of 2015 to be the primary policy, planning, coordinating, implementing, and administrative entity of the Executive Branch of the government that will plan, develop, and promote the national ICT development agenda.


DICT A.I CyberSecurity Scoring

Incident Details
DICT
Company Information
Website:https://dict.gov.ph/
Employees number:716
Number of followers:496,124
NAICS:92
Industry Type:Government Administration
Homepage:dict.gov.ph
Cyber Premium EstimationGet Supply Chain
DICT Risk Score (AI oriented)
Between 700 and 749
logo
DICTGovernment Administration
Updated:
04/04/2026
704/1000
Moderate
Ba
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
DICT Global Score (TPRM)
xxxx
logo
DICTGovernment Administration
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

DICT
DICTModerate
Current Score
704Ba (MODERATE)
01000
2 incidents
-70 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JUNE 2026
707Before Incident
MAY 2026
706Before Incident
APRIL 2026
705Before Incident
MARCH 2026
702Before Incident
FEBRUARY 2026
702Before Incident
JANUARY 2026
701Before Incident
DECEMBER 2025
698Before Incident
NOVEMBER 2025
697Before Incident
OCTOBER 2025
697Before Incident
SEPTEMBER 2025
765Before Incident
Breach
22 Sep 2025DICT
Department of Information and Communications Technology (DICT)

Potential Data Exposure in DICT's eComplaints System (Isolated from eGov PH Platform)

695After Incident
MEDIUM-70
DIC3833538092225
The DICT reported an incident involving its eComplaints system, a third-party service linked to the eGov PH platform, where over 30,000 complaint records were allegedly exposed. The department clarified that the eGov PH app itself was not compromised, and the breach was isolated to the eComplaints system, which operates separately from the main infrastructure. DICT emphasized that no personal data on the eGov platform was leaked, as it remains encrypted and protected by cybersecurity measures. While the exact nature of the exposed records (e.g., whether they contained sensitive personal or financial details) was not confirmed, the incident raised concerns about third-party vulnerabilities in government digital services. DICT committed to providing updates as further verified information becomes available, reiterating its priority to safeguard citizen privacy. The incident did not result in a full-scale breach of the primary eGov PH system, but the exposure of complaint records—even if non-sensitive—could still undermine public trust in digital governance platforms.
INCIDENT DETAILS -
TYPE
Data Exposure (Disputed Breach)
IMPACT
eComplaints system (third-party service)Brand Reputation Impact: Potential (due to disputed breach claims)
DATA BREACH
Data Encryption: Confirmed (for eGov PH platform data)
REFERENCES
Blog URLSource URL
AUGUST 2025
765Before Incident
JULY 2025
765Before Incident
JUNE 2016
773Before Incident
Breach
16 Jun 2016DICT
Department of Information and Communications Technology (DICT) - Philippines

DICT Internal Audit Reveals 'Significant Non-Compliance' in eGov eLGU Platform Rollout Without Contracts

702After Incident
CRITICAL-71
DIC2762527111925
The DICT’s eGov ‘super app’ and its eLGU platform—used by 14 million Filipinos and 924+ local government units (LGUs)—were deployed without signed contracts (MOAs/MOUs) defining data protection responsibilities, breach reporting, or liability. An internal audit (2025) revealed 40 out of 85 eLGU-adopted LGUs had no agreements, while 474 out of 973 iBPLS-adopted LGUs lacked complete MOAs, exposing unclear accountability for data breaches. The system collects excessive personal data upfront (government IDs, live photos, signatures, addresses) even for basic services like viewing health centers, raising proportionality concerns under privacy laws. The absence of Data Sharing Agreements (DSAs) or formal policies leaves no clear recourse for citizens in case of breaches, despite routine hacking incidents (e.g., 19 government sites hacked in September 2025 protests). DICT claims no data is stored or shared via eGovDX APIs, but experts warn this creates legal ambiguity, risking COA disallowances for irregular spending (e.g., ₱377.64M in contracts without enforceable agreements). Former NPC officials highlight the government’s poor track record in breach accountability, citing unresolved cases like the 2016 Comelec hack. The platform’s lack of transparency and unmitigated risks undermine trust in a system handling sensitive citizen data at scale.
INCIDENT DETAILS -
TYPE
Data Privacy ViolationRegulatory Non-ComplianceGovernance FailureExcessive Data Collection
MOTIVATION
Rapid Deployment Under Ease of Doing Business Law (RA 11032)Avoidance of 'Red Tape' (per ARTA advice)Centralization of Government Services
IMPACT
Government IDs (e.g., driver’s license, passport)Live photosFull namesBirthdatesAddressesSignaturesPhone numbersEmailsGenderPassport details (for eTravel)eGov PH Super AppeLGU Platform (924+ LGUs onboarded as of Oct 2025)Single Sign-On (SSO) SystemEGovDX Data Exchange APIsiBPLS (Integrated Business Permits and Licensing System)Unclear liability for data breachesPotential COA (Commission on Audit) disallowancesRisk of 'irregular' budget usageLack of breach notification protocolsDifficulty in assigning accountability for cybersecurity incidentsErosion of public trust in eGov platformPerception of government negligence in data protectionPotential backlash from 14M+ usersViolation of Data Privacy Act (Philippines)Potential NPC (National Privacy Commission) penaltiesLack of legal recourse for affected citizensRisk of lawsuits from data subjectsIdentity Theft Risk: High (due to excessive collection of PII without safeguards)Payment Information Risk: Moderate (eTravel requires passport details)
DATA BREACH
Personally Identifiable Information (PII)Biometric Data (live photos, signatures)Government-Issued IDsContact InformationSensitivity Of Data: High (includes IDs, biometrics, and passport details)Personally Identifiable Information: Yes (extensive)
REFERENCES
Blog URLSource URL

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for DICT ?
?
What was DICT's A.I Rankiteo Cyber Score in May 2026 ?
?
What was DICT's A.I Rankiteo Cyber Score in April 2026 ?
?
What was DICT's A.I Rankiteo Cyber Score in March 2026 ?
?
What was DICT's A.I Rankiteo Cyber Score in February 2026 ?
?
What was DICT's A.I Rankiteo Cyber Score in January 2026 ?
?
What was DICT's A.I Rankiteo Cyber Score in December 2025 ?
?
What was DICT's A.I Rankiteo Cyber Score in November 2025 ?
?
What was DICT's A.I Rankiteo Cyber Score in October 2025 ?
?
What was DICT's A.I Rankiteo Cyber Score in September 2025 ?
?
What was DICT's A.I Rankiteo Cyber Score in August 2025 ?
?
What was DICT's A.I Rankiteo Cyber Score in July 2025 ?
?
What is the average per-incident point impact on DICT's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with DICT ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view DICT's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?