SchoolBreach.org
BreachesTrendsToolsLearnAbout
Free Security Check
Security Check
SchoolBreach.org

A public resource tracking data breaches in Philippine schools. Helping administrators protect student data through awareness, education, and free security tools.

© 2026 SchoolBreach.org · A community service by OceanEd

Navigate

  • Breaches
  • Trends
  • Tools
  • Learn
  • Methodology

Company

  • About
  • Privacy Policy
  • Terms of Service
  • Contact Us

Disclaimer: This tracker is maintained for educational and awareness purposes. Incidents are documented using threat intelligence monitoring, Philippine media reports, NPC filings, and responsible disclosures. Social media platforms are monitored for leads and are corroborated before publication or naming — never through active scanning or exploitation. Severity ratings and summaries are prepared with AI assistance and reviewed editorially. Full methodology →

Back to Breach Tracker
Unauthorized Access
HighResolved

Ateneo Law School

In December 2014, the Ateneo Law School's Student Access Module was hacked by AnonCalapan (AnonGhost Philippines), exposing student usernames, passwords, and full names. The attack was politically motivated, tied to criticism of the Aquino administration's Typhoon Yolanda response.

December 8, 2014Makati City, National Capital RegionUnknown records affected

Key Facts

Date of Incident
December 8, 2014
Date Discovered
December 8, 2014
Records Affected
Unknown
Source
Rappler
Data Types Exposed
UsernamesPasswordsFull names
Response / Action Taken

Both the Student Access Module and the official Ateneo Law School website were taken down following the breach. No further public response was documented.

What Happened

On December 8, 2014, Rappler reported that the database of the Ateneo Law School website was hacked, with student user accounts leaked online. The breach targeted the school's online Student Access Module at law.ateneo.edu.

The perpetrator was identified as AnonCalapan, the official Philippine branch of the international AnonGhost hacking network — named after the city of Calapan, capital of Oriental Mindoro province.

What Was Compromised

The hackers leaked:

  • Usernames of Ateneo Law School students
  • Passwords (stored in plaintext or easily reversible format)
  • Full names of students who logged into the Student Access Module

Both the Student Access Module and the official Ateneo Law School website (law.ateneo.edu) were taken down following the breach.

Political Motivation

The leaked file contained political messaging:

  • A paragraph about the education of President Benigno "Noynoy" Aquino III (Ateneo de Manila University graduate, class of 1981, BS Economics)
  • Hashtags: #OPYOLANDA, #PURISIMA, #NOYNOY, #FUCKTHESYSTEM

The attack was tied to:

  1. 1.#OpYolanda — Criticism of the Aquino administration's handling of Typhoon Yolanda (Hainan), which devastated the Philippines on November 8, 2013, killing over 6,300 people
  2. 2.#Purisima — Referring to PNP Chief Alan Purisima, whose controversial role was already a point of political tension in late 2014

Broader Context: 2014 Philippine Hacktivism Wave

The Ateneo hack occurred during a wave of hacktivism in the Philippines:

  • November 3, 2014 — Anonymous Philippines launched defacement attacks on government websites over slow Typhoon Yolanda relief
  • November 8, 2014 — A second wave called "Operation Infosurge" launched on the first anniversary of Typhoon Yolanda
  • December 5, 2014 — Philippine government websites were still down or defaced a month after attacks
  • December 8, 2014 — The Ateneo Law School hack was reported

AnonGhost had been actively attacking Philippine websites since early 2013, defacing 130+ Philippine websites including government sites, educational institutions, and private organizations.

Why This Breach Matters

  • Early credential exposure — Unlike website defacements, this attack specifically targeted and leaked student credentials, foreshadowing the database-focused attacks that would become dominant years later
  • Prestigious institution targeted — Ateneo Law School is one of the Philippines' most prominent law schools, demonstrating that institutional prestige offers no protection
  • Politically motivated — The hack showed how schools could become collateral targets in broader political hacktivist campaigns
  • Password security failure — The exposure of plaintext or reversible passwords highlighted fundamental security practices that many institutions still had not adopted

Lessons for Schools

  1. 1.Hash and salt all passwords — plaintext or reversible password storage is never acceptable
  2. 2.Separate public-facing and sensitive systems — student portals with credentials should not share infrastructure with public websites
  3. 3.Schools can be political targets — institutions may be targeted not for their data, but for their symbolic association with political figures or causes
  4. 4.Incident response planning — the need to take down both the portal and main website suggests a lack of system segmentation

Sources & References

All sources are independently verified. Access dates and archive links are recorded for each citation.

  1. [1]
    Rappler — Database of Ateneo Law School website hacked (December 8, 2014)
  2. [2]
    HackRead — 130+ Philippines Websites Hacked by AnonGhost
  3. [3]
    Newsbytes.PH — PH gov't websites still down, defaced a month after attacks (December 5, 2014)
AteneoNCRhacktivismAnonGhostcredential exposure2014law schoolpolitically motivated

Related Incidents

Critical

DepEd Training Platform (training.deped.gov.ph)

May 3, 2026

Critical

A state university in Mindanao

May 10, 2026

Medium

A public senior high school in Malabon City

March 14, 2026

Know of a Breach?

Help us keep this tracker accurate and complete. Report school data breaches confidentially.

Report a Breach

Is This Entry Inaccurate?

If you represent the named institution or have evidence that corrects or updates this entry, you can request a correction or submit an official statement for publication.

We review all correction requests and respond within 5 business days. Verified corrections are applied promptly. Institutions may also submit a statement that will appear on this page as a right of reply.

Request a Correction

Protect Your School

Use our free tools and guides to assess your school's security posture.

Free Security ToolsGuides & Resources