SchoolBreach.org
BreachesTrendsToolsLearnAbout
Free Security Check
Security Check
SchoolBreach.org

A public resource tracking data breaches in Philippine schools. Helping administrators protect student data through awareness, education, and free security tools.

© 2026 SchoolBreach.org · A community service by OceanEd

Navigate

  • Breaches
  • Trends
  • Tools
  • Learn
  • Methodology

Company

  • About
  • Privacy Policy
  • Terms of Service
  • Contact Us

Disclaimer: This tracker is maintained for educational and awareness purposes. Incidents are documented using threat intelligence monitoring, Philippine media reports, NPC filings, and responsible disclosures. Social media platforms are monitored for leads and are corroborated before publication or naming — never through active scanning or exploitation. Severity ratings and summaries are prepared with AI assistance and reviewed editorially. Full methodology →

Back to Breach Tracker
Database Leak
HighConfirmed

Bangsamoro Ministry of Basic, Higher and Technical Education (MBHTE)

Fawkes Pilipinas, affiliated with Nullsec Philippines, claimed to have breached the Bangsamoro Ministry of Basic, Higher and Technical Education (MBHTE) and posted a 1 MB+ JSON sample of exfiltrated data. The MBHTE website (mbhte.bangsamoro.gov.ph) was subsequently suspended by Bangsamoro Government Web Hosting Services, citing a detected cyber breach.

March 31, 2026Cotabato City, BARMM1 MB+ of data exposed

Key Facts

Date of Incident
March 31, 2026
Date Discovered
March 31, 2026
Data Exposed
1 MB+
Source
Fawkes Pilipinas (Facebook)
Data Types Exposed
Personal dataGovernment records
Response / Action Taken

The MBHTE website was suspended by Bangsamoro Government Web Hosting Services as of March 31, 2026. No official statement from the ministry has been released.

What Happened

On March 31, 2026, the threat actor group Fawkes Pilipinas posted on their Facebook page claiming to have breached the Bangsamoro Ministry of Basic, Higher and Technical Education (MBHTE). The post was addressed to the ministry, taunting: "We are aware of how large your project budget is, yet it seems you were unable to allocate any for your website's security. Don't worry — for now, we still have our eyes on your system."

The attackers posted a link to a 1 MB+ sample of exfiltrated data in JSON format.

Independent Corroboration

The MBHTE website at mbhte.bangsamoro.gov.ph was suspended by the Bangsamoro Government Web Hosting Services, displaying a "Website Suspended" notice citing the following possible reasons:

  • Detected cyber breach or unauthorized access attempt
  • Ongoing security audit or maintenance
  • Violation of hosting policy or acceptable use agreement
  • Pending domain renewal or configuration issue

The suspension page directed visitors to support.bangsamoro.gov.ph and was branded by the Bangsamoro Government's Digital Governance and Innovation Services. This independently confirms that the hosting provider detected and responded to the breach.

What Was Compromised

The threat actor posted a sample dataset described as:

  • File format: JSON
  • Total sample data: 1 MB+

The full scope of the data exfiltration is not yet known. Given that MBHTE oversees basic, higher, and technical education across the Bangsamoro Autonomous Region, the ministry's systems could contain records related to schools, students, teachers, and administrative operations across the region.

Attacker

Fawkes Pilipinas posted the claim, signed by 4HmD0S4 with "Best regards" from Nullsec Philippines and ph.sydn3y. The post included greetz to: 0xTerror, 0xSeve, X10n, crypt0nymz, Lei$, and Ch4nc3ll0rx.1337 — several of whom are associated with previous Nullsec Philippines operations, including the La Union colleges breach on March 29, 2026.

Why This Breach Matters

  • Government education ministry — MBHTE is the Bangsamoro Autonomous Region's equivalent of DepEd, overseeing all basic, higher, and technical education in BARMM
  • Independently confirmed — the website suspension by Bangsamoro Government Web Hosting Services corroborates the breach claim
  • Ongoing threat — the attackers explicitly stated they "still have our eyes on your system," suggesting continued access or intent to return
  • Pattern of escalation — Nullsec Philippines affiliates have been conducting increasingly impactful attacks against Philippine educational institutions throughout 2026
  • Regional impact — a breach of the ministry could affect the data of schools, students, and educators across the entire Bangsamoro Autonomous Region

How to Prevent This

  1. 1.Conduct regular security assessments — government ministries handling education data should undergo periodic penetration testing and vulnerability assessments
  2. 2.Implement Web Application Firewalls (WAF) — to detect and block common attack vectors
  3. 3.Allocate cybersecurity budget — as the attackers noted, security investment must match the scale of systems being protected
  4. 4.Apply defense-in-depth — multiple layers of security controls reduce the impact of any single point of failure
  5. 5.Monitor for unauthorized access — deploy intrusion detection systems and log monitoring to catch breaches early
  6. 6.Secure government hosting infrastructure — centralized government hosting should enforce baseline security standards across all hosted websites

Sources & References

All sources are independently verified. Access dates and archive links are recorded for each citation.

  1. [1]
    MBHTE website suspension notice — Bangsamoro Government Web Hosting Services suspension page citing detected cyber breach
    Accessed: March 31, 2026
Cotabato CityBARMMBangsamoroMBHTEgovernmentdatabase leakNullsecPhilippinesFawkes Pilipinashacktivism2026education ministry

Related Incidents

High

A private college in Bulacan

March 31, 2026

Critical

A private medical college in Cebu City

June 24, 2026

Critical

A state university in Mindanao

May 10, 2026

Know of a Breach?

Help us keep this tracker accurate and complete. Report school data breaches confidentially.

Report a Breach

Is This Entry Inaccurate?

If you represent the named institution or have evidence that corrects or updates this entry, you can request a correction or submit an official statement for publication.

We review all correction requests and respond within 5 business days. Verified corrections are applied promptly. Institutions may also submit a statement that will appear on this page as a right of reply.

Request a Correction

Protect Your School

Use our free tools and guides to assess your school's security posture.

Free Security ToolsGuides & Resources