What Happened
On October 9, 2023, De La Salle University (DLSU) Manila disclosed a "data security incident" that affected multiple on-premise-hosted systems. The university's website and several online services went down as a result of the attack.
Systems Affected
The following DLSU systems were impacted:
- My.LaSalle (student portal)
- Animo.Sys (internal administrative system)
- Oracle Fusion (enterprise resource planning)
- Library services
- Other internally hosted applications
DLSU stated that cloud-hosted applications and student records stored in the cloud were not compromised.
How This Type of Attack Works
While DLSU did not publicly disclose the exact attack vector, the pattern (multiple on-premise systems compromised simultaneously, all DLSU-issued computers reformatted) is consistent with either ransomware or a network-level intrusion in which an attacker gained access to the internal network and moved laterally across systems.
The fact that cloud-hosted services were unaffected while on-premise systems were hit suggests the attacker exploited vulnerabilities in locally hosted infrastructure, possibly through an unpatched server, a compromised VPN, or a phishing attack that gave them a foothold inside the campus network.
Response
DLSU took swift action by:
- Engaging Mandiant, a leading global cybersecurity firm, for incident response
- Taking all DLSU-issued computers offline and reformatting them
- Shifting classes to online format from October 11-14, 2023
- Conducting a thorough investigation of all on-premise systems
Impact
While DLSU maintained that cloud-hosted student records were safe, the disruption to campus operations was significant. The incident forced the university to temporarily halt in-person classes and reformat institutional computers.
How to Prevent This
1. Establish an incident response retainer: have a contract with a cybersecurity firm (like Mandiant, CrowdStrike, or a local provider) before an incident happens, so response is immediate.
2. Segment on-premise networks: separate student portals, administrative systems, ERP, and library systems onto different network segments so a breach in one does not spread to all.
3. Migrate critical systems to cloud where feasible: DLSU's cloud-hosted systems were unaffected precisely because they were isolated from the on-premise network. Consider cloud hosting for student portals and ERP.
4. Deploy endpoint detection and response (EDR) on all university computers: EDR can detect and isolate compromised machines before malware spreads laterally.
5. Maintain a business continuity plan: DLSU's ability to shift to online classes within days showed good planning. Every school should have a documented plan for operating during a cyber incident.
6. Patch on-premise servers promptly: locally hosted systems are often neglected compared to cloud services. Ensure all on-premise servers receive security updates within 30 days.
7. Implement network monitoring: deploy tools that detect unusual traffic patterns like lateral movement, large data transfers, or connections to known malicious IPs.
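Recommendations 2 and 7 can be checked together against flow logs. The following is an added example, not code from DLSU or its responders: it audits flow records against a segmentation allow-list and flags sources that fan out to several internal hosts over remote-administration ports. The subnets, allow-list, threshold, and sample flows are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed segment plan (assumption): one subnet per system class named in the article.
SEGMENTS = {
    "portal":    ipaddress.ip_network("10.10.1.0/24"),
    "admin":     ipaddress.ip_network("10.10.2.0/24"),
    "erp":       ipaddress.ip_network("10.10.3.0/24"),
    "library":   ipaddress.ip_network("10.10.4.0/24"),
    "endpoints": ipaddress.ip_network("10.20.0.0/16"),
}
# Constructed allow-list of cross-segment flows: (source segment, destination segment, port).
ALLOWED = {("endpoints", "portal", 443), ("endpoints", "library", 443),
           ("portal", "erp", 1521), ("admin", "erp", 443)}
REMOTE_ADMIN_PORTS = {22, 445, 3389, 5985}  # SSH, SMB, RDP, WinRM

def segment_of(ip):
    """Map an IP address to its segment name, or None if it is outside the plan."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in SEGMENTS.items() if addr in net), None)

def policy_violations(flows):
    """Return flows that cross a segment boundary without an allow-list entry."""
    bad = []
    for src, dst, port in flows:
        s, d = segment_of(src), segment_of(dst)
        if s and d and s != d and (s, d, port) not in ALLOWED:
            bad.append((src, dst, port))
    return bad

def fanout_sources(flows, threshold=3):
    """Return sources reaching >= threshold distinct internal hosts on remote-admin ports."""
    peers = defaultdict(set)
    for src, dst, port in flows:
        if port in REMOTE_ADMIN_PORTS and segment_of(dst):
            peers[src].add(dst)
    return sorted(s for s, hosts in peers.items() if len(hosts) >= threshold)

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.20.5.17", "10.10.1.10", 443),   # workstation -> student portal, allowed
    ("10.10.1.10", "10.10.3.5", 1521),   # portal -> ERP database listener, allowed
    ("10.20.5.17", "10.10.4.8", 443),    # workstation -> library, allowed
    ("10.20.9.44", "10.10.2.7", 445),    # workstation -> admin system over SMB
    ("10.20.9.44", "10.10.3.5", 445),    # same workstation -> ERP over SMB
    ("10.20.9.44", "10.10.4.8", 3389),   # same workstation -> library over RDP
]

if __name__ == "__main__":
    for flow in policy_violations(SAMPLE_FLOWS):
        print("segmentation violation:", flow)
    print("fan-out sources:", fanout_sources(SAMPLE_FLOWS))
```

In practice the flow tuples would come from firewall or NetFlow exports, and the allow-list would mirror the firewall rules between segments.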
Sources & References
- [1] Rappler: DLSU announces 'data security incident,' website and online services down (Oct 11, 2023)
- [2] The LaSallian (DLSU student newspaper): DLSU locally hosted, online systems down after cybersecurity incident
- [3] Newsbytes PH: DLSU suffers data security incident; multiple online systems compromised
- [4] Manila Bulletin: DLSU installs temporary campus Wi-Fi after cyberattack (Oct 18, 2023)