What Happened
On June 25, 2020, Our Lady of Fatima University's Student Information System (sis.fatima.edu.ph) was breached by the hacker group Pinoy Grayhats. This was classified as a "Security Breach / Data Leakage" — indicating that student data was not only accessed but also exfiltrated or made public.
Broader Context
OLFU was one of over 20 Philippine schools hacked in June 2020 alone. The Secuna cybersecurity firm documented the scale of attacks, noting that data like full names, birthdays, addresses, student numbers, contact details, and next-of-kin information were considered at risk across the affected schools.
How to Prevent This
- 1.Secure student information systems with strong authentication — require MFA for all users, especially admin and staff
- 2.Encrypt sensitive student data — both at rest and in transit
- 3.Conduct regular penetration testing — test SIS platforms for common vulnerabilities
- 4.Implement access controls — ensure database users have minimal necessary privileges
- 5.Monitor for data exfiltration — set up alerts for unusual bulk data access or downloads
Sources & References
- [1]Secuna Blog — More than 20 Philippine schools hacked just this June — OLFU listed among affected institutions
- [2]Pinoy Grayhats (Facebook) — Pinoy Grayhats Facebook post about OLFU SIS breach (June 25, 2020)
- [3]GitHub (ajdumanhug/gothacked) — Registry of Philippine school hacking incidents — OLFU listed June 25, 2020 by Pinoy Grayhats, classified as Data Leakage
OLFUFatima UniversityValenzuelaPinoy Grayhatsdata leakageSISCOVID-19 online learning