What Happened
On February 14, 2024, the cybersecurity monitoring group Deep Web Konek reported on X (formerly Twitter) that a threat actor claimed to have compromised a DepEd database and exfiltrated more than 750 GB of data. The data allegedly included banking details, student and teacher records, and Google email accounts.
Deep Web Konek identified the affected office as SDO Cabuyao in Laguna. In a dark web post, the threat actor said the data would not be leaked to the public "yet" but that curated portions might be offered later.
DepEd Response
DepEd's Schools Division Office (SDO) of Cabuyao conducted a thorough investigation and stated: "There was no hacking nor glitch occurred in any platform or system used by the SDO Cabuyao." They added that upon checking, all data were found intact.
DepEd also stated that its cybersecurity measures have been "effective" in protecting its network and sensitive information, and that they immediately activated security protocols and preventive measures.
Related Incidents
On February 15, 2024, hackers gained unauthorized access to DepEd-affiliated Facebook pages, flooding them with inappropriate content. This occurred just one day after the alleged data breach report.
This was also the second reported DepEd data incident in February 2024, following the OVAP database exposure discovered by vpnMentor.
Context
DepEd coordinated with the Department of Information and Communications Technology (DICT) regarding the reported data leak. The DICT narrowed its investigation to the regional office level.
It is worth noting that Deep Web Konek later apologized for disseminating inaccurate information regarding a separate alleged leak of Philippine Statistics Authority (PSA) data, raising questions about verification standards for dark web claims.
How This Type of Attack Works
The claim remains unverified, and SDO Cabuyao denies that any intrusion took place. In general, data exfiltration from government systems happens through compromised credentials (phishing or credential stuffing), exploitation of unpatched vulnerabilities in internet-facing web applications, or insider access. If the 750 GB figure were accurate it would suggest either prolonged access or a bulk database export, but volume figures in dark web posts are frequently unverified or inflated, and Deep Web Konek's later retraction of a separate PSA leak claim shows why such numbers should not be taken at face value until confirmed by logs.
How to Prevent This
1. Enable multi-factor authentication (MFA) on all staff accounts. MFA defeats credential stuffing outright; to also stop phishing, use phishing-resistant factors (FIDO2 security keys or passkeys), since one-time codes can be relayed by a phishing proxy.
2. Deploy a web application firewall (WAF). A WAF helps block SQL injection, cross-site scripting, and other web-based attacks that could lead to a database export, but it is a compensating control, not a substitute for parameterized queries and input validation in the application itself.
3. Implement database activity monitoring (DAM). Alert on unusual queries, bulk or whole-table reads, server-side export statements, and access from unfamiliar IP addresses, and aggregate row counts per user per day so that an export split into small chunks is still caught.
4. Maintain comprehensive audit logs. Log all access to sensitive systems, retain the logs on a separate system the application cannot alter, and keep them long enough that a claim like this one can be verified or ruled out with evidence rather than assertion.
5. Segment your network. Keep student and payroll databases on isolated network segments so that compromising one system does not grant access to all data.
6. Patch systems promptly. Apply security updates for critical vulnerabilities within 30 days at most, and much faster on internet-facing systems.
7. Coordinate with DICT and the National Privacy Commission (NPC). Establish communication channels in advance so that incident response is swift when reports surface; under the Data Privacy Act, the NPC and affected data subjects must be notified within 72 hours of discovering a notifiable breach.
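The following is an added example illustrating items 3 and 4 above (database activity monitoring and audit-log review); it is not code from the original page, from DepEd, or from any DAM product. The pipe-delimited audit log format, the sample log lines, the trusted network range, the business-hours window and the row-count thresholds are all constructed assumptions for this illustration. It flags single queries that look like exports (whole-table reads, PostgreSQL `COPY ... TO`, MySQL `INTO OUTFILE`), bulk row counts, off-hours access and untrusted source addresses, and separately totals rows per user, source and day so that an export chunked into small queries is still caught.

```python
"""Toy database audit-log triage (added example, not from the page or DepEd).

Assumed log format, one event per line:
    <ISO timestamp>|<db user>|<client ip>|<rows returned>|<sql text>
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log. Lines 3-5 chunk a student-table dump into reads that
# each stay below the per-query threshold; lines 6-7 are a night-time export
# from an address outside the office range.
SAMPLE_LOG = """\
2024-02-13T09:12:04|sdo_app|10.20.5.14|42|SELECT name, grade FROM students WHERE section_id = 7
2024-02-13T09:15:31|sdo_app|10.20.5.14|1|SELECT * FROM teachers WHERE id = 118
2024-02-13T10:00:02|sdo_app|10.20.5.14|4000|SELECT * FROM students WHERE id BETWEEN 1 AND 4000
2024-02-13T10:00:41|sdo_app|10.20.5.14|4000|SELECT * FROM students WHERE id BETWEEN 4001 AND 8000
2024-02-13T10:01:19|sdo_app|10.20.5.14|4000|SELECT * FROM students WHERE id BETWEEN 8001 AND 12000
2024-02-14T02:03:55|sdo_app|198.51.100.23|180000|SELECT * FROM payroll_bank_accounts
2024-02-14T02:04:10|sdo_app|198.51.100.23|0|COPY students TO '/tmp/s.csv'
2024-02-14T08:30:00|dba_maria|10.20.5.9|5|SELECT count(*) FROM students
"""

TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]  # assumed office range
BULK_ROWS = 10_000                                      # assumed per-query and per-day threshold
BUSINESS_HOURS = range(7, 19)                           # assumed 07:00-18:59 local time

# Statement shapes that read like exports rather than application queries.
EXPORT_PATTERNS = [
    re.compile(r"^\s*SELECT\s+\*\s+FROM\s+\w+\s*;?\s*$", re.I),  # whole-table read, no WHERE/LIMIT
    re.compile(r"^\s*COPY\s+\w+\s+TO\b", re.I),                   # PostgreSQL server-side export
    re.compile(r"\bINTO\s+OUTFILE\b", re.I),                       # MySQL file export
]


def parse_line(line):
    """Split one audit-log line into a dict; raises ValueError on malformed input."""
    ts, user, ip, rows, sql = line.split("|", 4)
    return {
        "ts": datetime.fromisoformat(ts),
        "user": user,
        "ip": ipaddress.ip_address(ip),
        "rows": int(rows),
        "sql": sql,
    }


def triage(log_text):
    """Per-query checks: return a finding for every event with at least one reason."""
    findings = []
    for line in log_text.strip().splitlines():
        ev = parse_line(line)
        reasons = []
        if ev["rows"] >= BULK_ROWS:
            reasons.append(f"bulk export ({ev['rows']} rows)")
        if not any(ev["ip"] in net for net in TRUSTED_NETS):
            reasons.append(f"untrusted source {ev['ip']}")
        if ev["ts"].hour not in BUSINESS_HOURS:
            reasons.append("off-hours access")
        if any(p.search(ev["sql"]) for p in EXPORT_PATTERNS):
            reasons.append("export-style statement")
        if reasons:
            findings.append({"ts": ev["ts"].isoformat(), "user": ev["user"], "reasons": reasons})
    return findings


def daily_volume(log_text):
    """Total rows returned per (date, user, source ip), regardless of query size."""
    totals = defaultdict(int)
    for line in log_text.strip().splitlines():
        ev = parse_line(line)
        totals[(ev["ts"].date().isoformat(), ev["user"], str(ev["ip"]))] += ev["rows"]
    return dict(totals)


def chunked_exports(log_text, limit=BULK_ROWS):
    """Aggregate check: (date, user, ip) tuples whose daily row total reaches the limit."""
    return {key: rows for key, rows in daily_volume(log_text).items() if rows >= limit}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["ts"], f["user"], "; ".join(f["reasons"]))
    for key, rows in chunked_exports(SAMPLE_LOG).items():
        print("daily total", key, rows)
```

On the sample log the per-query checks flag only the two night-time events from 198.51.100.23, while the daytime student-table reads from the office range pass individually; only the per-day aggregate exposes them, which is why a DAM rule set needs both views. Thresholds and the trusted range would be tuned to the real environment, and the log itself must be written somewhere the application account cannot modify for the review to carry any evidentiary weight.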
Sources & References
- [1] PhilStar — DepEd verifying reports of data breach (Feb 14, 2024)
- [2] Manila Bulletin — 'There was no hacking', DepEd-Cabuyao clarifies following alleged cyberattack
- [3] Inquirer.net — DepEd: No hacking in regional offices despite alleged data leak
- [4] Interaksyon / PhilStar — Data leak, lewd Facebook page: DepEd-affiliated pages report data breach
- [5] PhilStar — DepEd checking data breach after hacking (Feb 15, 2024)
- [6] Philippine News Agency — DICT probes possible hacking of DepEd office (DICT investigating alleged 750 GB data exfiltration)