Back to Breach Tracker
Website Defacement
HighResolved

Multiple Philippine Schools (20+ Institutions)

Over 20 Philippine schools were hacked in June 2020 alone, including San Beda University, AMA University, Bulacan State University, and Cebu Normal University, as institutions rushed to shift online during the pandemic.

June 1, 2020Nationwide, NationalUnknown records affected

Key Facts

Date of Incident
June 1, 2020
Date Discovered
June 1, 2020
Records Affected
Unknown
Source
Secuna Blog
Data Types Exposed
Student portal dataWebsite contentStudent personal information
Response / Action Taken

Affected schools individually responded with investigations. Multiple NPC notifications filed. Security awareness across Philippine education sector increased.

What Happened

In June 2020, over 20 Philippine schools were hacked in a single month as educational institutions rushed to move online during the COVID-19 pandemic. The wave of attacks exposed how unprepared Philippine schools were for digital security.

Cybersecurity firm Secuna documented the scale of the attacks, which affected both private and public institutions across the country.

Schools Affected

Among the schools targeted were:

  • San Beda University
  • AMA University
  • Bulacan State University
  • Cebu Normal University
  • Tarlac Agricultural University (now Tarlac Agricultural State University)
  • University of Mindanao
  • PUP Sta. Mesa and PUP Taguig
  • Far Eastern University
  • Multiple other institutions

How These Attacks Worked

Multiple hacker groups exploited common web application vulnerabilities in school websites and student portals that were hastily deployed for the shift to online learning. The specific attack vectors documented include:

  • SQL injection — inserting malicious database queries through login forms and search fields to extract student data
  • Weak authentication — predictable passwords, no account lockout, no MFA, allowing brute-force attacks
  • Unpatched CMS platforms — many schools used outdated versions of WordPress, Joomla, or custom PHP applications with known vulnerabilities
  • Default credentials — servers and admin panels left with factory-default usernames and passwords
  • Insecure file uploads — allowing attackers to upload web shells (backdoor scripts) through file upload forms

The Pinoy Grayhats group was responsible for several high-profile breaches, while other groups targeted additional institutions.

Impact

The attacks resulted in:

  • Student personal data being leaked on social media and forums
  • School websites being defaced
  • Student portals being taken offline during enrollment periods
  • Erosion of trust in online learning platforms
  • Multiple NPC notifications from affected schools

How to Prevent This

  1. 1.Conduct a security assessment before deploying any student-facing system — even a basic vulnerability scan using free tools like OWASP ZAP can catch SQL injection and XSS before attackers do
  2. 2.Use parameterized queries in all database operations — this single practice eliminates SQL injection, the most common attack in these breaches
  3. 3.Keep all CMS platforms and plugins updated — enable automatic updates for WordPress, Joomla, or whatever platform you use. Unpatched CMS is the easiest target
  4. 4.Change all default credentials immediately — audit every server, database, admin panel, and network device for default passwords
  5. 5.Implement a Web Application Firewall (WAF) — Cloudflare's free tier includes basic WAF protection. This blocks the most common attacks automatically
  6. 6.Restrict file upload functionality — only allow specific file types (e.g., PDF, JPG), scan uploads for malicious content, and store files outside the web root
  7. 7.Enforce MFA on all admin and staff accounts — even if a password is guessed, MFA prevents login
  8. 8.Invest in IT security training — send IT staff to cybersecurity training. The Philippine DICT offers free cybersecurity workshops for government institutions

Sources & References

  1. [1]
    Secuna Blog More than 20 Philippine schools hacked just this June — are we ready for online education? (June 2020)
  2. [2]
    Manila Bulletin Anatomy of a hack: How hackers breached vulnerable PH schools (July 1, 2020)
  3. [3]
    GitHub (ajdumanhug/gothacked) Community-maintained registry of 28 Philippine school hacking incidents in May-June 2020, with dates, hacker groups, and source links
mass hackingCOVID-19online learningmultiple schoolspandemic