SchoolBreach.org
BreachesTrendsToolsLearnAbout
Free Security Check
Security Check
SchoolBreach.org

A public resource tracking data breaches in Philippine schools. Helping administrators protect student data through awareness, education, and free security tools.

© 2026 SchoolBreach.org · A community service by OceanEd

Navigate

  • Breaches
  • Trends
  • Tools
  • Learn
  • Methodology

Company

  • About
  • Privacy Policy
  • Terms of Service
  • Contact Us

Disclaimer: This tracker is maintained for educational and awareness purposes. Incidents are documented using threat intelligence monitoring, Philippine media reports, NPC filings, and responsible disclosures. Social media platforms are monitored for leads and are corroborated before publication or naming — never through active scanning or exploitation. Severity ratings and summaries are prepared with AI assistance and reviewed editorially. Full methodology →

Back to Breach Tracker
Website Defacement
MediumResolved

A public senior high school in Malabon City

The name of this institution has been withheld pending verification of the source. This entry is based on an unconfirmed report.

Storm Breaker Security PH claimed on Facebook to have breached the WordPress website of a public senior high school in NCR. The group posted a defacement page along with what appears to be exposed WordPress API schema data.

March 14, 2026Unknown records affected

Key Facts

Date of Incident
March 14, 2026
Date Discovered
March 14, 2026
Records Affected
Unknown
Source
Storm Breaker Security PH (Facebook)
Data Types Exposed
Website contentWordPress configuration data
Response / Action Taken

The school's website has been restored and is operational as of March 30, 2026.

What Happened

On March 14, 2026, the threat actor group Storm Breaker Security PH posted on their Facebook page claiming to have compromised the WordPress website of a public senior high school in NCR. The post included a defacement message and screenshots of what appears to be backend WordPress REST API schema data.

The defacement message warned the school that their "WordPress website information is currently in our possession" and urged them to "fix this immediately so it will not spread further and so that your WordPress control panel will not be accessed, which could cause files that should not be leaked to be exposed."

The post was signed by ~Ph.Bl4ke and included shout-outs to other groups and individuals.

What Was Compromised

Based on the threat actor's Facebook post:

  • Website defacement — the school's website was compromised and a defacement banner was posted
  • WordPress API schema exposure — screenshots show what appears to be the WordPress REST API JSON schema, indicating the attackers had access to backend API endpoints
  • Potential WordPress admin access — the threat actor warned that the "WordPress control panel" could be accessed, suggesting possible admin-level compromise

The full extent of data access beyond what was shown in the screenshots is unknown.

Attacker

Storm Breaker Security PH is a Philippine-based hacktivist group that targets websites of educational and government institutions. The defacement was signed by Ph.Bl4ke with "special greetz" to: Black Bytes, Anonymous San Mateo, XSQDD Philippine, Pinoy Xploitsec, and xBL4z3R-Sec PH. The post used the hashtags #stormbreakersecurityph, #Anonymous, and #everyone, and referenced "ALL FILIPINO HACTIVIST."

Why This Breach Matters

  • WordPress vulnerability — the exposed API schema data suggests the WordPress installation was misconfigured or running outdated software, leaving it vulnerable to further exploitation
  • Potential for deeper access — the threat actor's warning about WordPress control panel access suggests the breach may go beyond simple defacement
  • Pattern of school targeting — Philippine educational institutions, particularly DepEd division schools, continue to be frequent targets of hacktivist groups
  • Public disclosure by threat actor — the breach was publicly announced on social media before the school could respond

How to Prevent This

  1. 1.Keep WordPress and all plugins updated — outdated WordPress installations are a primary attack vector
  2. 2.Disable or restrict the WordPress REST API — limit API access to authenticated users only
  3. 3.Use a Web Application Firewall (WAF) — to detect and block common defacement and injection attacks
  4. 4.Enforce strong authentication — require MFA for all WordPress admin accounts
  5. 5.Restrict wp-admin access by IP — limit admin panel access to known, trusted IP addresses
  6. 6.Remove unused themes and plugins — reduce the attack surface by removing unnecessary components
MalabonNCRDivision of MalabonDepEdwebsite defacementStorm Breaker Security PHWordPresshacktivism2026

Related Incidents

Medium

DepEd Division of Malabon City

February 15, 2026

Critical

DepEd Training Platform (training.deped.gov.ph)

May 3, 2026

Critical

A private medical college in Cebu City

June 24, 2026

Know of a Breach?

Help us keep this tracker accurate and complete. Report school data breaches confidentially.

Report a Breach

Is This Entry Inaccurate?

If you represent the named institution or have evidence that corrects or updates this entry, you can request a correction or submit an official statement for publication.

We review all correction requests and respond within 5 business days. Verified corrections are applied promptly. Institutions may also submit a statement that will appear on this page as a right of reply.

Request a Correction

Protect Your School

Use our free tools and guides to assess your school's security posture.

Free Security ToolsGuides & Resources