SchoolBreach.org
BreachesTrendsToolsLearnAbout
Free Security Check
Security Check
SchoolBreach.org

A public resource tracking data breaches in Philippine schools. Helping administrators protect student data through awareness, education, and free security tools.

© 2026 SchoolBreach.org · A community service by OceanEd

Navigate

  • Breaches
  • Trends
  • Tools
  • Learn
  • Methodology

Company

  • About
  • Privacy Policy
  • Terms of Service
  • Contact Us

Disclaimer: This tracker is maintained for educational and awareness purposes. Incidents are documented using threat intelligence monitoring, Philippine media reports, NPC filings, and responsible disclosures. Social media platforms are monitored for leads and are corroborated before publication or naming — never through active scanning or exploitation. Severity ratings and summaries are prepared with AI assistance and reviewed editorially. Full methodology →

Back to Breach Tracker
Database Leak
CriticalConfirmed

DepEd Ilocos Norte & Aurora Divisions

Quantum Security Group claimed breaches of DepEd Ilocos Norte (3M+ records across 17 databases and 155 CSV files) and DepEd Aurora (full database backup), exposing sensitive personal information including TIN numbers and PhilHealth IDs.

November 1, 2025Ilocos Norte / Aurora, Ilocos Region / Central Luzon3,000,000+ records affected

Key Facts

Date of Incident
November 1, 2025
Date Discovered
November 1, 2025
Records Affected
3,000,000+
Source
Deep Web Konek
Data Types Exposed
NamesEmail addressesSchool namesContact numbersAddressesBirth datesGenderCivil statusTIN numbersPhilHealth IDsEducational backgrounds
Response / Action Taken

No official statements from DepEd or affected regional offices at time of reporting.

What Happened

Cybersecurity monitoring group Deep Web Konek reported that the Quantum Security Group claimed responsibility for breaching two additional DepEd regional offices: Ilocos Norte and Aurora.

DepEd Ilocos Norte: Over 3 million records were allegedly exfiltrated across 17 databases and 155 CSV files.

DepEd Aurora: A full database and backup file were obtained. The group characterized the Aurora system as "weak" and claimed no data deletion occurred during the intrusion.

The group issued taunting messages including "expect consequences, expect exposure" and referenced a "DepEd Breached Club," suggesting they view DepEd's regional offices as systematic targets.

As of reporting, neither DepEd nor the affected regional offices had issued statements regarding these incidents.

Related Prior Incident

In February 2024, DepEd Ilocos Sur's Facebook page was hacked, prompting the office to warn the public against transacting via Facebook and to seek assistance from the Ilocos Sur Provincial Cyber Response Team Office. While this was a social media account compromise rather than a database breach, it demonstrates the broader pattern of DepEd offices in the Ilocos region being targeted by threat actors.

Data Exposed

Personal Information (PI):

  • Full names and usernames
  • Email addresses and contact numbers
  • School names and physical addresses
  • Job positions

Sensitive Personal Information (SPI):

  • Birth dates, gender, and civil status
  • TIN (Tax Identification Numbers)
  • PhilHealth identification numbers
  • BP numbers
  • Educational backgrounds

Why This Breach Is Critical

The exposure of TIN numbers and PhilHealth IDs alongside names and birth dates creates severe identity theft risk. These are government-issued identifiers that cannot be easily changed and can be used for:

  • Filing fraudulent tax returns
  • Making unauthorized PhilHealth claims
  • Opening bank accounts or credit lines under stolen identities

This breach, combined with the DepEd CAR and DepEd Laguna breaches by the same group, reveals a systematic campaign by Quantum Security Group targeting DepEd regional offices across the Philippines.

How to Prevent This

  1. 1.Encrypt all government-issued identifiers — TIN, PhilHealth, and other national IDs must be encrypted at rest in databases
  2. 2.Audit all DepEd regional office systems — given the systematic targeting, all DepEd divisions should undergo immediate security assessments
  3. 3.Implement network security baselines — establish minimum security standards that all regional offices must meet
  4. 4.Restrict database exports — prevent bulk CSV and database file exports without multi-level approval
  5. 5.Centralize security monitoring — deploy a shared security operations center (SOC) that monitors all DepEd regional systems for intrusion indicators
  6. 6.Report to NPC — file breach notifications for all affected data subjects as required by the Data Privacy Act

Sources & References

All sources are independently verified. Access dates and archive links are recorded for each citation.

  1. [1]
    Deep Web Konek — Quantum Security Group claims breach of DepEd Ilocos Norte and Aurora databases, exfiltrating millions of records
  2. [2]
    Hendry Adrian (LinkedIn) — Cybersecurity researcher post on DepEd Ilocos Norte data leak (2025)
  3. [3]
    IT Sec Philippines (Facebook) — Philippine IT Security community discussion on the DepEd Ilocos Norte breach
  4. [4]
    Politiko North Luzon — DepEd Ilocos Sur's Facebook page hacked (Feb 5, 2024) — related prior incident in the Ilocos region
  5. [5]
    GMA Regional TV — DepEd Ilocos Sur Division FB page hacked — confirms Feb 2024 Ilocos Sur incident
  6. [6]
    Philippine News Agency — DICT probes possible hacking of DepEd office (Feb 2024) — broader context of DICT investigating DepEd breaches
  7. [7]
    Inquirer.net — DepEd: No hacking in regional offices despite alleged data leak (Feb 2024) — DepEd's denial of earlier breach claims
DepEdIlocos NorteAuroraQuantum Security GroupTINPhilHealthDeep Web KonekIlocos Sur

Related Incidents

Critical

DepEd Cordillera Administrative Region (CAR)

November 19, 2025

Critical

DepEd Division of Laguna

October 4, 2025

High

DepEd Schools Division of Masbate

August 1, 2025

Know of a Breach?

Help us keep this tracker accurate and complete. Report school data breaches confidentially.

Report a Breach

Is This Entry Inaccurate?

If you represent the named institution or have evidence that corrects or updates this entry, you can request a correction or submit an official statement for publication.

We review all correction requests and respond within 5 business days. Verified corrections are applied promptly. Institutions may also submit a statement that will appear on this page as a right of reply.

Request a Correction

Protect Your School

Use our free tools and guides to assess your school's security posture.

Free Security ToolsGuides & Resources