SchoolBreach.org
BreachesTrendsToolsLearnAbout
Free Security Check
Security Check
SchoolBreach.org

A public resource tracking data breaches in Philippine schools. Helping administrators protect student data through awareness, education, and free security tools.

© 2026 SchoolBreach.org · A community service by OceanEd

Navigate

  • Breaches
  • Trends
  • Tools
  • Learn
  • Methodology

Company

  • About
  • Privacy Policy
  • Terms of Service
  • Contact Us

Disclaimer: This tracker is maintained for educational and awareness purposes. Incidents are documented using threat intelligence monitoring, Philippine media reports, NPC filings, and responsible disclosures. Social media platforms are monitored for leads and are corroborated before publication or naming — never through active scanning or exploitation. Severity ratings and summaries are prepared with AI assistance and reviewed editorially. Full methodology →

Back to Breach Tracker
Unauthorized Access
HighResolved

De La Salle University (DLSU)

DLSU Manila suffered a cybersecurity incident affecting on-premise systems including the student portal (My.LaSalle), Animo.Sys, Oracle Fusion, and library services. The university engaged Mandiant for incident response and shifted classes online.

October 9, 2023Manila, National Capital RegionUnknown records affected

Key Facts

Date of Incident
October 9, 2023
Date Discovered
October 9, 2023
Records Affected
Unknown
Source
Rappler
Data Types Exposed
Student portal dataInternal system dataLibrary services dataOracle Fusion records
Response / Action Taken

Mandiant engaged for incident response. All DLSU computers reformatted. Classes shifted online. Investigation conducted.

What Happened

On October 9, 2023, De La Salle University (DLSU) Manila disclosed a "data security incident" that affected multiple on-premise-hosted systems. The university's website and several online services went down as a result of the attack.

Systems Affected

The following DLSU systems were impacted:

  • My.LaSalle (student portal)
  • Animo.Sys (internal administrative system)
  • Oracle Fusion (enterprise resource planning)
  • Library services
  • Other internally hosted applications

DLSU stated that cloud-hosted applications and student records stored in the cloud were not compromised.

How This Type of Attack Works

While DLSU did not publicly disclose the exact attack vector, the pattern — multiple on-premise systems compromised simultaneously, all DLSU-issued computers reformatted — is consistent with either ransomware or network-level intrusion where an attacker gained access to the internal network and moved laterally across systems.

The fact that cloud-hosted services were unaffected while on-premise systems were hit suggests the attacker exploited vulnerabilities in locally hosted infrastructure, possibly through an unpatched server, compromised VPN, or phishing attack that gave them a foothold inside the campus network.

Response

DLSU took swift action by:

  • Engaging Mandiant, a leading global cybersecurity firm, for incident response
  • Taking all DLSU-issued computers offline and reformatting them
  • Shifting classes to online format from October 11-14, 2023
  • Conducting a thorough investigation of all on-premise systems

Impact

While DLSU maintained that cloud-hosted student records were safe, the disruption to campus operations was significant. The incident forced the university to temporarily halt in-person classes and reformat institutional computers.

How to Prevent This

  1. 1.Establish an incident response retainer — have a contract with a cybersecurity firm (like Mandiant, CrowdStrike, or a local provider) before an incident happens, so response is immediate
  2. 2.Segment on-premise networks — separate student portals, administrative systems, ERP, and library systems onto different network segments so a breach in one does not spread to all
  3. 3.Migrate critical systems to cloud where feasible — DLSU's cloud-hosted systems were unaffected precisely because they were isolated from the on-premise network. Consider cloud hosting for student portals and ERP
  4. 4.Deploy endpoint detection and response (EDR) on all university computers — EDR can detect and isolate compromised machines before malware spreads laterally
  5. 5.Maintain a business continuity plan — DLSU's ability to shift to online classes within days showed good planning. Every school should have a documented plan for operating during a cyber incident
  6. 6.Patch on-premise servers promptly — locally hosted systems are often neglected compared to cloud services. Ensure all on-premise servers receive security updates within 30 days
  7. 7.Implement network monitoring — deploy tools that detect unusual traffic patterns like lateral movement, large data transfers, or connections to known malicious IPs

Sources & References

All sources are independently verified. Access dates and archive links are recorded for each citation.

  1. [1]
    Rappler — DLSU announces 'data security incident,' website and online services down (Oct 11, 2023)
  2. [2]
    The LaSallian — DLSU locally hosted, online systems down after cybersecurity incident — DLSU student newspaper
  3. [3]
    Newsbytes PH — DLSU suffers data security incident; multiple online systems compromised
  4. [4]
    Manila Bulletin — DLSU installs temporary campus Wi-Fi after cyberattack (Oct 18, 2023)
DLSULa SalleMandiantuniversityManila

Related Incidents

High

De La Salle University (DLSU) — 2020 Data Leak

June 28, 2020

High

Philippine Universities — Canvas LMS Breach

May 6, 2026

High

Romblon State University (RSU)

April 22, 2025

Know of a Breach?

Help us keep this tracker accurate and complete. Report school data breaches confidentially.

Report a Breach

Is This Entry Inaccurate?

If you represent the named institution or have evidence that corrects or updates this entry, you can request a correction or submit an official statement for publication.

We review all correction requests and respond within 5 business days. Verified corrections are applied promptly. Institutions may also submit a statement that will appear on this page as a right of reply.

Request a Correction

Protect Your School

Use our free tools and guides to assess your school's security posture.

Free Security ToolsGuides & Resources