SchoolBreach.org
BreachesTrendsToolsLearnAbout
Free Security Check
Security Check
SchoolBreach.org

A public resource tracking data breaches in Philippine schools. Helping administrators protect student data through awareness, education, and free security tools.

© 2026 SchoolBreach.org · A community service by OceanEd

Navigate

  • Breaches
  • Trends
  • Tools
  • Learn
  • Methodology

Company

  • About
  • Privacy Policy
  • Terms of Service
  • Contact Us

Disclaimer: This tracker is maintained for educational and awareness purposes. Incidents are documented using threat intelligence monitoring, Philippine media reports, NPC filings, and responsible disclosures. Social media platforms are monitored for leads and are corroborated before publication or naming — never through active scanning or exploitation. Severity ratings and summaries are prepared with AI assistance and reviewed editorially. Full methodology →

Back to Breach Tracker
Database Leak
CriticalConfirmed

DepEd Cordillera Administrative Region (CAR)

Quantum Security Group breached DepEd CAR's infrastructure, exfiltrating over 6 million records across 42 databases including 30,000+ teacher personal records with plaintext passwords, and defaced multiple DepEd CAR subdomains.

November 19, 2025Baguio City, CAR6,000,000+ records affected

Key Facts

Date of Incident
November 19, 2025
Date Discovered
November 19, 2025
Records Affected
6,000,000+
Source
Deep Web Konek
Data Types Exposed
Teacher namesEmployee IDsBirth datesEthnicityEducational attainmentSchool assignmentsPosition titlesUsernamesEmail addressesPasswords (plaintext/weakly encrypted)Document tracking dataInternal memos
Response / Action Taken

No official statement from DepEd CAR at time of reporting.

What Happened

On November 19, 2025, cybersecurity monitoring group Deep Web Konek reported that the hacker group Quantum Security Group claimed to have breached the Department of Education – Cordillera Administrative Region (DepEd CAR), exfiltrating over 6 million records across 42 databases.

The group also defaced multiple DepEd CAR subdomains, including verification portals, helpdesk, supply hub, and HRMS systems, indicating deep access across the organization's infrastructure.

The group characterized the breach as a "lesson" regarding inadequate data protection, stating: "You did not protect the data of DepEd CAR, this is your responsibility."

Data Exposed

Teacher Personal Records (30,000+):

  • Employee IDs and full names
  • Sex and birth dates
  • Ethnicity and educational attainment
  • Office, division, section, and school assignments
  • Position titles

Account Credentials:

  • Usernames and email addresses
  • Passwords — some stored in plaintext or with weak encryption

Operational Data:

  • Document tracking records
  • Internal memos and communications
  • Account creation dates, last login attempts, and account status

Why This Breach Is Critical

This is the largest DepEd breach documented to date by record count. The exposure of plaintext passwords and active credentials means attackers can directly log into DepEd systems. Combined with the defacement of multiple subdomains, this indicates the attackers had persistent, deep access to DepEd CAR's entire infrastructure — not just a single database.

How to Prevent This

  1. 1.Hash all passwords with bcrypt or Argon2 — plaintext password storage is an emergency-level flaw
  2. 2.Implement MFA on all administrative systems — especially HRMS, verification portals, and document management systems
  3. 3.Segment internal systems — prevent lateral movement by isolating helpdesk, HRMS, supply hub, and verification systems on separate network segments
  4. 4.Deploy intrusion detection and monitoring — the breadth of access (42 databases, multiple subdomains) suggests prolonged undetected access
  5. 5.Conduct regular security audits — DepEd regional offices should undergo annual penetration testing
  6. 6.Centralize cybersecurity standards — establish uniform security requirements across all DepEd regional offices

Sources & References

All sources are independently verified. Access dates and archive links are recorded for each citation.

  1. [1]
    Deep Web Konek — DepEd CAR database leak exposes over 6 million records including 30,000 teacher personal information
  2. [2]
    PSA Intelligence — Recent cybersecurity incidents report — includes DepEd CAR breach by Quantum Security Group (Oct 2, 2025)
DepEdCARQuantum Security Groupteacher recordsplaintext passwordsDeep Web Konek

Related Incidents

Critical

DepEd Division of Laguna

October 4, 2025

Critical

DepEd Ilocos Norte & Aurora Divisions

November 1, 2025

High

DepEd Schools Division of Masbate

August 1, 2025

Know of a Breach?

Help us keep this tracker accurate and complete. Report school data breaches confidentially.

Report a Breach

Is This Entry Inaccurate?

If you represent the named institution or have evidence that corrects or updates this entry, you can request a correction or submit an official statement for publication.

We review all correction requests and respond within 5 business days. Verified corrections are applied promptly. Institutions may also submit a statement that will appear on this page as a right of reply.

Request a Correction

Protect Your School

Use our free tools and guides to assess your school's security posture.

Free Security ToolsGuides & Resources