SchoolBreach.org
BreachesTrendsToolsLearnAbout
Free Security Check
Security Check
SchoolBreach.org

A public resource tracking data breaches in Philippine schools. Helping administrators protect student data through awareness, education, and free security tools.

© 2026 SchoolBreach.org · A community service by OceanEd

Navigate

  • Breaches
  • Trends
  • Tools
  • Learn
  • Methodology

Company

  • About
  • Privacy Policy
  • Terms of Service
  • Contact Us

Disclaimer: This tracker is maintained for educational and awareness purposes. Incidents are documented using threat intelligence monitoring, Philippine media reports, NPC filings, and responsible disclosures. Social media platforms are monitored for leads and are corroborated before publication or naming — never through active scanning or exploitation. Severity ratings and summaries are prepared with AI assistance and reviewed editorially. Full methodology →

Back to Breach Tracker
Website Defacement
MediumConfirmed

Lyceum of Alabang and La Consolacion University Philippines

In August 2013, hacker 'Hitman' (co-founder of Pinoy Vendetta) defaced the websites of Lyceum of Alabang (Muntinlupa) and La Consolacion University Philippines (Malolos, Bulacan), posting 'Secure your site Admin' on both. On La Consolacion's site he also uploaded a PHP proxy script. Reported by Newsbytes.PH citing Pinoy Hack News; independently corroborated by a Zone-H archive record for La Consolacion.

August 1, 2013Muntinlupa City / Malolos, Bulacan, National Capital Region / Central LuzonUnknown records affected

Key Facts

Date of Incident
August 1, 2013
Date Discovered
August 1, 2013
Records Affected
Unknown
Source
Newsbytes.PH
Data Types Exposed
Website content
Response / Action Taken

No official response from either school was documented. The PHP proxy script on La Consolacion's site represented an ongoing security risk until removed.

What Happened

In August 2013, a hacker using the alias Hitman — co-founder of the Philippine hacktivist group Pinoy Vendetta — breached and defaced the websites of Lyceum of Alabang (Muntinlupa City, Metro Manila) and La Consolacion University Philippines (lcup.edu.ph, Malolos, Bulacan). On both sites, Hitman posted the message: "Secure your site Admin".

On La Consolacion's website, Hitman additionally uploaded a PHP proxy script that allowed anyone on the internet to route their web traffic through the university's server. His stated justification was that he wanted to help students bypass campus network restrictions — though the unauthorized server access itself was a crime regardless of intent. Newsbytes.PH reported the defacements on August 1, 2013; Pinoy Hack News covered the proxy script incident on August 3, 2013.

Attacker

Hitman was a co-founder and prominent member of Pinoy Vendetta, one of the most active Philippine hacktivist groups of the 2012–2015 era. The group's activities ranged from opportunistic defacements to politically motivated attacks (anti-mining, anti-pork barrel scandal) and later DDoS attacks against Philippine media outlets (traced by digital forensics group Qurium). Hitman was characterized as a "grey hat web defacer" who often framed intrusions under public-interest justifications. A Zone-H defacement record exists for Hitman / lcup.edu.ph, confirming the La Consolacion incident in the public defacement archive.

What Was Compromised

As a website defacement, the primary impact was alteration of public-facing content. The PHP proxy script on La Consolacion's site was a more serious compromise — the university's server was turned into attack infrastructure. The extent of any further data access behind either intrusion is unknown.

Context

The attacks occurred during a peak period of Philippine hacktivism:

  • Early 2013 — Philippine and Malaysian hackers traded defacements over the Sabah territorial dispute
  • March 2013 — Anonymous Philippines defaced the Philippine President's website
  • August 2013 — Pinoy Vendetta and affiliates targeted government, corporate, and school websites across the Philippines
  • November 2013 — 38 government websites defaced demanding PDAF abolition

Why This Breach Matters

  • Named attacker with documented group affiliation — one of the best-attributed early school defacements in the Philippines
  • PHP proxy abuse — uploading a proxy script goes beyond defacement; it turns the school's server into attack infrastructure
  • Earliest documented school cyberattacks — among the oldest known incidents of Philippine school websites being targeted

Lessons for Schools

  1. 1.Disable server-side script uploads — web servers should never allow unauthenticated file writes; a PHP proxy requires filesystem write access
  2. 2.Keep CMS platforms updated — many defacements exploited known vulnerabilities in unpatched WordPress or Joomla installations
  3. 3.Monitor for unauthorized files — file integrity monitoring detects when new scripts are added to a web server
  4. 4.Backups enable recovery — regular backups allow quick restoration after a defacement attack

Sources & References

All sources are independently verified. Access dates and archive links are recorded for each citation.

  1. [1]
    Newsbytes.PH — Websites of 2 schools, Bohol town hacked — reports Hitman (Pinoy Vendetta) defaced Lyceum of Alabang and La Consolacion University Philippines (August 1, 2013)
  2. [2]
    Pinoy Hack News — Pinoy Vendetta — Pinoy Hack News (Aug 3, 2013) — reports Hitman's PHP proxy upload to La Consolacion University Philippines (lcup.edu.ph)
  3. [3]
    Rappler — Davao-based hacker linked to DDoS group — Rappler profile of Pinoy Vendetta members and their 2013–2015 activities
  4. [4]
    Inquirer Tech — Hacktivists to Aquino — Inquirer coverage of Philippine hacktivist groups including Pinoy Vendetta's 2013 wave of attacks
Lyceum of AlabangLa Consolacion UniversityMuntinlupaBulacanwebsite defacementPinoy VendettaHitmanPHP proxyhacktivism2013

Related Incidents

Critical

A private medical college in Cebu City

June 24, 2026

Low

A foundation college in Mindanao

May 3, 2026

High

A state university in MIMAROPA

May 2, 2026

Know of a Breach?

Help us keep this tracker accurate and complete. Report school data breaches confidentially.

Report a Breach

Is This Entry Inaccurate?

If you represent the named institution or have evidence that corrects or updates this entry, you can request a correction or submit an official statement for publication.

We review all correction requests and respond within 5 business days. Verified corrections are applied promptly. Institutions may also submit a statement that will appear on this page as a right of reply.

Request a Correction

Protect Your School

Use our free tools and guides to assess your school's security posture.

Free Security ToolsGuides & Resources