Back to Breach Tracker
Database Leak
HighConfirmed

DepEd Schools Division of Masbate

A threat actor using the alias 'Unit' posted 115,882 records from the DepEd Schools Division of Masbate for sale at $480 in cryptocurrency, exposing both faculty employment details and student personal information including Learner Reference Numbers.

August 1, 2025Masbate, Bicol Region115,882 records affected

Key Facts

Date of Incident
August 1, 2025
Date Discovered
September 1, 2025
Records Affected
115,882
Source
Deep Web Konek
Data Types Exposed
Faculty namesEmployee numbersSchool assignmentsPosition titlesFirst day of serviceCivil statusBirth datesPermanent addressesStudent namesLearner Reference Numbers (LRN)Contact numbersSchool year graduated
Response / Action Taken

No official statement from DepEd Masbate at time of reporting.

What Happened

In August 2025, a threat actor using the alias "Unit" — a newly registered account on a cybercrime forum — posted a database for sale allegedly stolen from the DepEd Schools Division of Masbate (depedmasbate.ph). The database contains 115,882 records covering both faculty and student data.

The listing was priced at $480 (negotiable), payable in cryptocurrency only (preferably Monero), and restricted to a single buyer — a pattern suggesting the data was intended for targeted fraud operations rather than mass distribution.

Data Exposed

Faculty Records:

  • Full names and employee numbers
  • School assignments and position titles
  • First day of service
  • Sex and civil status
  • Date of birth
  • Permanent addresses

Student Records:

  • Full names
  • School names
  • Learner Reference Numbers (LRN)
  • Gender and date of birth
  • Contact numbers
  • Present and permanent addresses
  • School year graduated

Why This Breach Is Concerning

The exposure of Learner Reference Numbers (LRN) is particularly problematic because LRNs are permanent identifiers assigned to students by DepEd and used throughout their entire educational career. Unlike passwords, LRNs cannot be changed. Combined with birth dates and addresses, this data creates a comprehensive profile for identity theft targeting students — many of whom are minors.

The single-buyer restriction in the sale listing suggests the data may be used for targeted social engineering, phishing, or fraud rather than generic spam.

How to Prevent This

  1. 1.Secure the web application — conduct a vulnerability assessment of depedmasbate.ph to identify and patch the entry point
  2. 2.Restrict access to student LRN databases — only authorized personnel should be able to query student records in bulk
  3. 3.Monitor for data exfiltration — set alerts for large database queries or unusual export activity
  4. 4.Encrypt student and faculty PII at rest — so data is unreadable even if the database is compromised
  5. 5.Implement Web Application Firewall (WAF) — to block common attack vectors before they reach the application
  6. 6.Notify affected data subjects — comply with the Data Privacy Act's breach notification requirements

Sources & References

  1. [1]
    Deep Web Konek DepEd Masbate Division database breached: 115,000 records exposed (Sep 2025)
DepEdMasbateBicolLRNstudent recordsfaculty recordsDeep Web Konek