A public resource tracking data breaches affecting Philippine schools. Here's what we stand for and how we operate.
SchoolBreach.org exists to raise awareness of data breaches affecting Philippine schools — K-12 institutions, colleges, and universities — and to give school administrators, IT staff, researchers, and the public the information they need to understand the scope of the problem and act on it.
Schools hold some of the most sensitive data imaginable: children's personal information, family details, academic records, medical histories. Yet most Philippine schools lack the resources and awareness to protect this data. This tracker exists to raise awareness and drive change.
We are not a naming-and-shaming platform. Every entry we publish is guided by a single question: does this serve the protection of student data?
We do not perform unsolicited penetration testing or actively exploit any system to source incidents — all sources are public, documented, or responsibly disclosed.
We do not contact, negotiate with, or amplify the reach of threat actors.
We do not republish, host, or link to raw leaked data files.
We do not name individual victims — students, teachers, staff — only institutions.
We do not publish unverified claims without clear disclosure of their unconfirmed status.
We do not link to live threat actor infrastructure (dark web forums, Telegram channels). We link only to archived versions.
SchoolBreach.org is maintained by OceanEd Inc. as a public service. It is not funded by any school, government agency, or cybersecurity vendor. Incident listings are not influenced by any commercial relationship.
We practice what we preach on data privacy: email addresses collected for breach notifications are used solely for that purpose and are never shared with third parties.
All content on SchoolBreach.org is provided for educational and informational purposes. This tracker does not constitute legal advice. For formal breach reporting obligations under RA 10173, consult the National Privacy Commission.
For a full explanation of how we verify sources, classify incidents, apply our tiered disclosure framework, and handle corrections and right-of-reply requests, see our dedicated methodology page.
Read Our MethodologyIf you know of a Philippine school data breach not yet documented here, you can report it confidentially. We review every submission.