SchoolBreach.org
BreachesTrendsToolsLearnAbout
Free Security Check
Security Check
SchoolBreach.org

A public resource tracking data breaches in Philippine schools. Helping administrators protect student data through awareness, education, and free security tools.

© 2026 SchoolBreach.org · A community service by OceanEd

Navigate

  • Breaches
  • Trends
  • Tools
  • Learn
  • Methodology

Company

  • About
  • Privacy Policy
  • Terms of Service
  • Contact Us

Disclaimer: This tracker is maintained for educational and awareness purposes. Incidents are documented using threat intelligence monitoring, Philippine media reports, NPC filings, and responsible disclosures. Social media platforms are monitored for leads and are corroborated before publication or naming — never through active scanning or exploitation. Severity ratings and summaries are prepared with AI assistance and reviewed editorially. Full methodology →

Back to Breach Tracker
Database Leak
HighResolved

A private college in Bulacan

The name of this institution has been withheld pending verification of the source. This entry is based on an unconfirmed report.

Threat actor group Fawkes Pilipinas, affiliated with Nullsec Philippines, claimed to have exfiltrated data from a private college in Bulacan. The post, framed around allegations of discrimination and bullying, included a download link to a 4MB+ CSV file purportedly containing college data. The school has not confirmed or denied the breach.

March 31, 20264 MB+ of data exposed

Key Facts

Date of Incident
March 31, 2026
Date Discovered
March 31, 2026
Data Exposed
4 MB+
Source
Fawkes Pilipinas (Facebook)
Data Types Exposed
Student PII (unconfirmed)Personal data
Response / Action Taken

No official acknowledgement or public statement from the institution has been found. As of April 2026, the underlying issue appears to have been resolved based on a review of the institution's site.

What Happened

On March 31, 2026, the threat actor group Fawkes Pilipinas published a post on Facebook addressed to a private college in Bulacan. The message was framed around "concerns and allegations" related to discrimination, bullying, and inclusivity within the school — a common hacktivism pretext used by this group to justify data releases.

The post included a direct download link to a 4MB+ CSV file hosted on MediaFire, which the group presented as data exfiltrated from the college's systems.

Hacktivism Framing

Fawkes Pilipinas framed the breach as a social awareness action, stating: "Recent discussions from students and advocacy groups have highlighted claims related to discrimination, bullying, and concerns about inclusivity within the school environment. While these reports may not all be officially verified, they reflect experiences that deserve attention and proper review."

This framing is consistent with prior Nullsec Philippines operations, where social grievances (real or fabricated) are cited as justification for unauthorized data exfiltration and public exposure of student records.

What Was Allegedly Compromised

Based on the threat actor's post:

  • File format: CSV
  • File size: 4MB+

The actual contents of the file have not been independently verified. Given the file size and CSV format, the data likely includes structured records from one or more of the college's internal databases — potentially containing student or employee PII.

Note on school identity: The name of the institution has been withheld as this claim comes solely from the threat actor, with no independent confirmation from the school, media, or official sources.

Note on data contents: No sample records have been publicly shared, so the specific data fields and whether passwords were included (or stored in plaintext) is unknown at this time.

Attacker

The post was signed by members of Fawkes Pilipinas, with greetz to:

  • X10n, Ch4nc3ll0rx.1337, crypt0nymz, 0xSeve, Ph.sydn3y, Lei$

Special greetz to: Nullsec Philippines, Zeus, Cyberfr0st, nomxrcy, Mr.Astra, 0xTerror

Several of these handles — including crypt0nymz — were also credited in the breach of a private school in Tagum City in early March 2026, confirming overlapping membership between Fawkes Pilipinas and Nullsec Philippines.

Why This Breach Matters

  • 4MB+ of structured CSV data — this is a full database export, not a token sample, suggesting substantial access to internal systems
  • Escalating pattern — Fawkes Pilipinas and Nullsec Philippines have conducted at least a dozen documented attacks on Philippine educational institutions in 2026 alone
  • No institutional response — the college has not issued any public statement confirming or denying the breach

Resolution

As of April 2026, a review of the institution's website indicates the underlying issue appears to have been resolved. No official acknowledgement or public statement from the institution regarding the breach has been found.

Recommended Actions for the Institution

  1. 1.Immediately investigate the claimed breach — determine whether unauthorized access occurred and what data was affected
  2. 2.Notify the National Privacy Commission (NPC) within 72 hours if the breach is confirmed, as required by the Data Privacy Act of 2012
  3. 3.Audit database access logs — determine how the data was exfiltrated and whether additional access occurred
  4. 4.Notify affected students and staff if their data was compromised
  5. 5.Review password storage practices — if credentials were included in the exfiltrated data, ensure passwords are hashed using bcrypt, scrypt, or Argon2 rather than stored in plain text
  6. 6.Conduct a full security assessment of all web-facing systems
MeycauayanBulacanCentral LuzonFawkes PilipinasNullsecPhilippinesdatabase leakCSVhacktivism2026private college

Related Incidents

Critical

DepEd Training Platform (training.deped.gov.ph)

May 3, 2026

High

Bangsamoro Ministry of Basic, Higher and Technical Education (MBHTE)

March 31, 2026

Critical

A private medical college in Cebu City

June 24, 2026

Know of a Breach?

Help us keep this tracker accurate and complete. Report school data breaches confidentially.

Report a Breach

Is This Entry Inaccurate?

If you represent the named institution or have evidence that corrects or updates this entry, you can request a correction or submit an official statement for publication.

We review all correction requests and respond within 5 business days. Verified corrections are applied promptly. Institutions may also submit a statement that will appear on this page as a right of reply.

Request a Correction

Protect Your School

Use our free tools and guides to assess your school's security posture.

Free Security ToolsGuides & Resources