What Happened
Cybersecurity monitoring group Deep Web Konek reported that the Quantum Security Group claimed responsibility for breaching two additional DepEd regional offices: Ilocos Norte and Aurora.
DepEd Ilocos Norte: Over 3 million records were allegedly exfiltrated across 17 databases and 155 CSV files.
DepEd Aurora: A full database and backup file were obtained. The group characterized the Aurora system as "weak" and claimed no data deletion occurred during the intrusion.
The group issued taunting messages including "expect consequences, expect exposure" and referenced a "DepEd Breached Club," suggesting they view DepEd's regional offices as systematic targets.
As of reporting, neither DepEd nor the affected regional offices had issued statements regarding these incidents.
Related Prior Incident
In February 2024, DepEd Ilocos Sur's Facebook page was hacked, prompting the office to warn the public against transacting via Facebook and to seek assistance from the Ilocos Sur Provincial Cyber Response Team Office. While this was a social media account compromise rather than a database breach, it demonstrates the broader pattern of DepEd offices in the Ilocos region being targeted by threat actors.
Data Exposed
Personal Information (PI):
- Full names and usernames
- Email addresses and contact numbers
- School names and physical addresses
- Job positions
Sensitive Personal Information (SPI):
- Birth dates, gender, and civil status
- TIN (Tax Identification Numbers)
- PhilHealth identification numbers
- BP numbers
- Educational backgrounds
Why This Breach Is Critical
The exposure of TINs and PhilHealth IDs alongside names and birth dates creates a severe identity theft risk. These are government-issued identifiers that cannot be easily changed and can be used for:
- Filing fraudulent tax returns
- Making unauthorized PhilHealth claims
- Opening bank accounts or credit lines under stolen identities
This breach, combined with the DepEd CAR and DepEd Laguna breaches by the same group, reveals a systematic campaign by Quantum Security Group targeting DepEd regional offices across the Philippines.
How to Prevent This
1. Encrypt all government-issued identifiers — TIN, PhilHealth, and other national IDs must be encrypted at rest in databases
2. Audit all DepEd regional office systems — given the systematic targeting, all DepEd divisions should undergo immediate security assessments
3. Implement network security baselines — establish minimum security standards that all regional offices must meet
4. Restrict database exports — prevent bulk CSV and database file exports without multi-level approval
5. Centralize security monitoring — deploy a shared security operations center (SOC) that monitors all DepEd regional systems for intrusion indicators
6. Report to NPC — file breach notifications for all affected data subjects as required by the Data Privacy Act
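One way to implement the export restriction in item 4, as an added example that is not from the original article or from any DepEd system: a gate that requires independent approvals before a bulk or identifier-bearing export is allowed to run. The column names, the row threshold, the approval counts and the account names are all assumptions.

```python
from dataclasses import dataclass, field

# Assumed column names and thresholds, chosen for illustration only.
SENSITIVE_COLUMNS = {"tin", "philhealth_id", "bp_number", "birth_date"}
BULK_ROW_THRESHOLD = 500  # row counts above this are treated as bulk


@dataclass
class ExportRequest:
    requester: str
    columns: list
    row_count: int
    approvers: set = field(default_factory=set)


def required_approvals(req):
    """Independent approvals needed: 1 for sensitive columns, 2 for bulk, 3 for both."""
    sensitive = bool(SENSITIVE_COLUMNS & {c.lower() for c in req.columns})
    bulk = req.row_count > BULK_ROW_THRESHOLD
    return (1 if sensitive else 0) + (2 if bulk else 0)


def authorize_export(req):
    """Return (allowed, reason); the requester's own approval is ignored."""
    independent = {a for a in req.approvers if a != req.requester}
    needed = required_approvals(req)
    if len(independent) < needed:
        return False, f"needs {needed} independent approvals, has {len(independent)}"
    return True, f"{len(independent)} of {needed} required approvals present"


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        ExportRequest("clerk01", ["school_name", "position"], 40),
        ExportRequest("clerk01", ["full_name", "TIN"], 12000, {"clerk01", "head02"}),
        ExportRequest("clerk01", ["full_name", "TIN"], 12000, {"head02", "dpo03", "it04"}),
    ]
    for s in samples:
        print(s.requester, s.row_count, authorize_export(s))
```

Denied requests are worth forwarding to the shared monitoring described in item 5, since repeated bulk attempts from one account are an intrusion indicator in their own right.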
Sources & References
- [1] Deep Web Konek — Quantum Security Group claims breach of DepEd Ilocos Norte and Aurora databases, exfiltrating millions of records
- [2] Hendry Adrian (LinkedIn) — Cybersecurity researcher post on DepEd Ilocos Norte data leak (2025)
- [3] IT Sec Philippines (Facebook) — Philippine IT Security community discussion on the DepEd Ilocos Norte breach
- [4] Politiko North Luzon — DepEd Ilocos Sur's Facebook page hacked (Feb 5, 2024) — related prior incident in the Ilocos region
- [5] GMA Regional TV — DepEd Ilocos Sur Division FB page hacked — confirms Feb 2024 Ilocos Sur incident
- [6] Philippine News Agency — DICT probes possible hacking of DepEd office (Feb 2024) — broader context of DICT investigating DepEd breaches
- [7] Inquirer.net — DepEd: No hacking in regional offices despite alleged data leak (Feb 2024) — DepEd's denial of earlier breach claims