Back to Breach Tracker
Unauthorized Access
MediumResolved

ICCT Colleges

The Pinoy Grayhats breached the ICCT Colleges student management system (sms.icct.edu.ph) during the June 2020 wave of school website attacks.

June 17, 2020Cainta, Rizal, CALABARZONUnknown records affected

Key Facts

Date of Incident
June 17, 2020
Date Discovered
June 17, 2020
Records Affected
Unknown
Source
GitHub (ajdumanhug/gothacked)
Data Types Exposed
Student portal dataStudent personal information
Response / Action Taken

ICCT Colleges addressed the security vulnerabilities after the breach was disclosed.

What Happened

On June 17, 2020, the Pinoy Grayhats hacker group gained unauthorized access to the student management system of ICCT Colleges at sms.icct.edu.ph. ICCT Colleges operates multiple campuses in Rizal and nearby provinces.

This breach was part of a coordinated campaign targeting Philippine school websites during the pandemic-driven shift to online learning.

What Was Potentially Exposed

Student management systems typically contain:

  • Student personal information (names, addresses, contact details)
  • Academic records and enrollment data
  • Financial and payment records

Context

ICCT Colleges was one of six schools breached by Pinoy Grayhats on a single day (June 17, 2020), highlighting how the group systematically scanned and exploited vulnerabilities across multiple institutions.

Lessons for Schools

  1. 1.Student management systems need extra protection — these systems contain the most sensitive student data
  2. 2.Web application firewalls (WAF) — deploying a WAF can block common attack patterns automatically
  3. 3.Regular penetration testing — schools should test their systems before attackers do

Sources & References

  1. [1]
    GitHub Registry Community-maintained registry of Philippine school hacking incidents (May-June 2020)
ICCTCaintaCALABARZONPinoy Grayhats2020pandemicstudent portal