SchoolBreach.org
BreachesTrendsToolsLearnAbout
Free Security Check
Security Check
SchoolBreach.org

A public resource tracking data breaches in Philippine schools. Helping administrators protect student data through awareness, education, and free security tools.

© 2026 SchoolBreach.org · A community service by OceanEd

Navigate

  • Breaches
  • Trends
  • Tools
  • Learn
  • Methodology

Company

  • About
  • Privacy Policy
  • Terms of Service
  • Contact Us

Disclaimer: This tracker is maintained for educational and awareness purposes. Incidents are documented using threat intelligence monitoring, Philippine media reports, NPC filings, and responsible disclosures. Social media platforms are monitored for leads and are corroborated before publication or naming — never through active scanning or exploitation. Severity ratings and summaries are prepared with AI assistance and reviewed editorially. Full methodology →

Back to Breach Tracker
Unauthorized Access
MediumResolved

DepEd Division of Malabon City

Storm Breaker Security PH claimed on Facebook to have conducted a DDoS attack against depedmalaboncity.ph, taking the DepEd Malabon City division website offline. Global uptime checks confirmed the site was unreachable from all monitored locations.

February 15, 2026Malabon City, National Capital RegionNone records affected

Key Facts

Date of Incident
February 15, 2026
Date Discovered
February 15, 2026
Records Affected
None
Source
Storm Breaker Security PH (Facebook)
Data Types Exposed
Website availability
Response / Action Taken

The website has since been restored and is operational as of March 30, 2026.

What Happened

On February 15, 2026, the threat actor group Storm Breaker Security PH posted on their Facebook page claiming responsibility for a Distributed Denial of Service (DDoS) attack against the DepEd Division of Malabon City website (depedmalaboncity.ph).

The post included a link to a check-host.net report showing the website returning "Connection timed out" from every monitored location worldwide, including Austria, Brazil, Bulgaria, Canada, Cyprus, Czechia, Finland, France, Germany, Hong Kong, Hungary, and India. A browser screenshot confirmed the site was unreachable with an `ERR_CONNECTION_TIMED_OUT` error.

The post was signed by ~Ph.Bl4ke with special greetings to Black Bytes, Anonymous San Mateo, Pinoy Xploitsec, and xBL4z3R-Sec PH, and addressed "ALL FILIPINO HACKTIVIST."

Impact

  • Complete service disruption — the DepEd Malabon City website was rendered entirely inaccessible during the attack
  • No known data breach — DDoS attacks disrupt availability but typically do not involve data exfiltration
  • Public-facing services affected — parents, students, and staff were unable to access division resources and announcements during the downtime

Attacker

Storm Breaker Security PH is a Philippine-based hacktivist group that targets websites of educational and government institutions. This DDoS attack occurred approximately one month before the same group claimed a website defacement of a senior high school under the same DepEd Malabon division, suggesting an ongoing campaign against Malabon City educational infrastructure.

Why This Incident Matters

  • Escalation pattern — the DDoS in February was followed by a defacement of a Malabon school website in March, indicating persistent targeting of the division
  • Government education services disrupted — DepEd division websites serve as critical communication channels for schools, parents, and staff
  • Low barrier to entry — DDoS attacks require relatively little technical skill but can cause significant disruption to under-resourced institutions

How to Prevent This

  1. 1.Use a CDN or DDoS mitigation service — services like Cloudflare or AWS Shield can absorb and filter malicious traffic
  2. 2.Enable rate limiting — configure web servers and firewalls to limit requests per IP
  3. 3.Implement geographic filtering — if the site primarily serves a local audience, consider restricting or rate-limiting international traffic during attacks
  4. 4.Monitor uptime proactively — set up automated alerts for downtime so response teams can act quickly
  5. 5.Have an incident response plan — ensure IT staff know how to activate DDoS mitigation measures when an attack is detected
MalabonNCRDivision of MalabonDepEdDDoSStorm Breaker Security PHhacktivism2026

Related Incidents

Medium

A public senior high school in Malabon City

March 14, 2026

Critical

DepEd Training Platform (training.deped.gov.ph)

May 3, 2026

High

A private college in Silang, Cavite

January 12, 2026

Know of a Breach?

Help us keep this tracker accurate and complete. Report school data breaches confidentially.

Report a Breach

Is This Entry Inaccurate?

If you represent the named institution or have evidence that corrects or updates this entry, you can request a correction or submit an official statement for publication.

We review all correction requests and respond within 5 business days. Verified corrections are applied promptly. Institutions may also submit a statement that will appear on this page as a right of reply.

Request a Correction

Protect Your School

Use our free tools and guides to assess your school's security posture.

Free Security ToolsGuides & Resources