Database Leak
Critical | Confirmed

DepEd Cordillera Administrative Region (CAR)

Quantum Security Group breached DepEd CAR's infrastructure, exfiltrating over 6 million records across 42 databases including 30,000+ teacher personal records with plaintext passwords, and defaced multiple DepEd CAR subdomains.

November 19, 2025 | Baguio City, CAR | 6,000,000+ records affected

Key Facts

Date of Incident: November 19, 2025
Date Discovered: November 19, 2025
Records Affected: 6,000,000+
Data Types Exposed: Teacher names, Employee IDs, Birth dates, Ethnicity, Educational attainment, School assignments, Position titles, Usernames, Email addresses, Passwords (plaintext/weakly encrypted), Document tracking data, Internal memos
Response / Action Taken: No official statement from DepEd CAR at time of reporting.

What Happened

On November 19, 2025, cybersecurity monitoring group Deep Web Konek reported that the hacker group Quantum Security Group claimed to have breached the Department of Education – Cordillera Administrative Region (DepEd CAR), exfiltrating over 6 million records across 42 databases.

The group also defaced multiple DepEd CAR subdomains, including verification portals, helpdesk, supply hub, and HRMS systems, indicating deep access across the organization's infrastructure.

The group characterized the breach as a "lesson" regarding inadequate data protection, stating: "You did not protect the data of DepEd CAR, this is your responsibility."

Data Exposed

Teacher Personal Records (30,000+):

  • Employee IDs and full names
  • Sex and birth dates
  • Ethnicity and educational attainment
  • Office, division, section, and school assignments
  • Position titles

Account Credentials:

  • Usernames and email addresses
  • Passwords — some stored in plaintext or with weak encryption

Operational Data:

  • Document tracking records
  • Internal memos and communications
  • Account creation dates, last login attempts, and account status

Why This Breach Is Critical

This is the largest DepEd breach documented to date by record count. The exposure of plaintext passwords and active credentials means attackers can directly log into DepEd systems. Combined with the defacement of multiple subdomains, this indicates the attackers had persistent, deep access to DepEd CAR's entire infrastructure — not just a single database.

How to Prevent This

  1. Hash all passwords with bcrypt or Argon2 — plaintext password storage is an emergency-level flaw
  2. Implement MFA on all administrative systems — especially HRMS, verification portals, and document management systems
  3. Segment internal systems — prevent lateral movement by isolating helpdesk, HRMS, supply hub, and verification systems on separate network segments
  4. Deploy intrusion detection and monitoring — the breadth of access (42 databases, multiple subdomains) suggests prolonged undetected access
  5. Conduct regular security audits — DepEd regional offices should undergo annual penetration testing
  6. Centralize cybersecurity standards — establish uniform security requirements across all DepEd regional offices
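
Item 1 above as an added example (not code from DepEd or from the source reports): a one-pass migration of a credential table off plaintext, with verification that rejects any value that is not a proper hash record. It uses Python's standard-library hashlib.scrypt in place of the bcrypt or Argon2 the list names, since those need third-party packages; the row layout, function names and cost parameters are assumptions.

```python
import base64
import hashlib
import hmac
import os

# Assumed scrypt cost parameters; tune them to the login servers' hardware.
N, R, P, DKLEN = 2**14, 8, 1, 32

# Constructed sample rows in the shape the report describes (invented values).
USERS = [
    {"username": "teacher01", "password": "Sample-Pass-1"},
    {"username": "teacher02", "password": "Sample-Pass-1"},
]

def hash_password(password: str) -> str:
    """Return a self-describing record: scrypt$N$r$p$salt$digest."""
    salt = os.urandom(16)  # fresh salt per password, so equal passwords differ
    dk = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    b64 = lambda raw: base64.b64encode(raw).decode()
    return f"scrypt${N}${R}${P}${b64(salt)}${b64(dk)}"

def verify_password(password: str, record) -> bool:
    """Recompute with the stored parameters and compare in constant time."""
    try:
        scheme, n, r, p, salt, dk = record.split("$")
        if scheme != "scrypt":
            return False  # legacy plaintext values never authenticate
        salt, dk = base64.b64decode(salt), base64.b64decode(dk)
        got = hashlib.scrypt(password.encode(), salt=salt,
                             n=int(n), r=int(r), p=int(p), dklen=len(dk))
    except (AttributeError, TypeError, ValueError):
        return False  # missing or malformed record
    return hmac.compare_digest(got, dk)

def migrate(rows) -> int:
    """Hash each row still holding plaintext and drop the plaintext. Idempotent."""
    changed = 0
    for row in rows:
        plaintext = row.pop("password", None)
        if plaintext is not None and not row.get("password_hash"):
            row["password_hash"] = hash_password(plaintext)
            changed += 1
    return changed

if __name__ == "__main__":
    print(migrate(USERS), "rows migrated")
    print(verify_password("Sample-Pass-1", USERS[0]["password_hash"]))
```

Hashing in place protects the stored values going forward; passwords that were already exposed in plaintext still have to be reset.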

Sources & References

  [1] Deep Web Konek. DepEd CAR database leak exposes over 6 million records including 30,000 teacher personal information
  [2] PSA Intelligence. Recent cybersecurity incidents report — includes DepEd CAR breach by Quantum Security Group (Oct 2, 2025)