SchoolBreach.org
BreachesTrendsToolsLearnAbout
Free Security Check
Security Check
SchoolBreach.org

A public resource tracking data breaches in Philippine schools. Helping administrators protect student data through awareness, education, and free security tools.

© 2026 SchoolBreach.org · A community service by OceanEd

Navigate

  • Breaches
  • Trends
  • Tools
  • Learn
  • Methodology

Company

  • About
  • Privacy Policy
  • Terms of Service
  • Contact Us

Disclaimer: This tracker is maintained for educational and awareness purposes. Incidents are documented using threat intelligence monitoring, Philippine media reports, NPC filings, and responsible disclosures. Social media platforms are monitored for leads and are corroborated before publication or naming — never through active scanning or exploitation. Severity ratings and summaries are prepared with AI assistance and reviewed editorially. Full methodology →

Back to Breach Tracker
Website Defacement
HighResolved

Philippine National Police Academy (PNPA)

The Philippine National Police Academy website was defaced and its database allegedly breached by hacking group Phantom Troupe, who claimed to have accessed personal information of over 23,000 users.

February 3, 2021Silang, Cavite, CALABARZON23,000+ records affected

Key Facts

Date of Incident
February 3, 2021
Date Discovered
February 3, 2021
Records Affected
23,000+
Source
Manila Bulletin
Data Types Exposed
Personal informationUser credentialsWebsite content
Response / Action Taken

The PNPA acknowledged the incident. The specific remediation steps taken were not publicly disclosed.

What Happened

On February 3, 2021, the hacking group "Phantom Troupe" defaced the official website of the Philippine National Police Academy (PNPA) and claimed to have breached its database, accessing personal information of more than 23,000 users.

The hackers left a message on the defaced website: "This is a warning to the Philippine National Police. We are the Phantom Troupe. We are aware of your mess and it will never be forgiven."

Scope of the Breach

The group claimed to have accessed the PNPA's database containing personal information of over 23,000 users, which may include cadets, staff, alumni, and other individuals associated with the academy. The exact nature and extent of the data compromised was not fully disclosed.

Who Was Behind It

The attack was carried out by "Phantom Troupe," the same hacking group that previously targeted the Office of the Solicitor General and several other Philippine educational institutions. The group stated their attacks served as "security warnings" to help administrators strengthen their server protection.

The hackers indicated they would continue targeting the PNP and affiliated institutions until "justice is served to the victims of police brutality," framing the attack as hacktivism.

Broader Context

PNPA is the premier educational institution of the Philippine National Police, training cadets who will serve as police officers. As a law enforcement academy, the breach was particularly notable — the institution responsible for training future police officers was itself vulnerable to cyberattack.

This incident was part of a broader pattern of Philippine educational and government institutions being targeted by hacktivist groups during 2020–2021.

How to Prevent This

  1. 1.Keep web applications and CMS platforms updated — unpatched software is the most common entry point for website defacement
  2. 2.Implement a Web Application Firewall (WAF) — to filter and block malicious traffic before it reaches the server
  3. 3.Use strong access controls — enforce multi-factor authentication for all administrative accounts
  4. 4.Conduct regular penetration testing — proactively identify and fix vulnerabilities before attackers exploit them
  5. 5.Encrypt sensitive data at rest — so that even if a database is breached, the data is not immediately usable
  6. 6.Implement intrusion detection systems — to detect unauthorized access attempts in real time

Sources & References

All sources are independently verified. Access dates and archive links are recorded for each citation.

  1. [1]
    Manila Bulletin — PNPA database hacked, website defaced (February 3, 2021)
PNPAPhilippine National Police Academywebsite defacementPhantom TroupehacktivismCavitelaw enforcement2021

Related Incidents

Critical

A private medical college in Cebu City

June 24, 2026

Low

A foundation college in Mindanao

May 3, 2026

High

A state university in MIMAROPA

May 2, 2026

Know of a Breach?

Help us keep this tracker accurate and complete. Report school data breaches confidentially.

Report a Breach

Is This Entry Inaccurate?

If you represent the named institution or have evidence that corrects or updates this entry, you can request a correction or submit an official statement for publication.

We review all correction requests and respond within 5 business days. Verified corrections are applied promptly. Institutions may also submit a statement that will appear on this page as a right of reply.

Request a Correction

Protect Your School

Use our free tools and guides to assess your school's security posture.

Free Security ToolsGuides & Resources