SchoolBreach.org
BreachesTrendsToolsLearnAbout
Free Security Check
Security Check
SchoolBreach.org

A public resource tracking data breaches in Philippine schools. Helping administrators protect student data through awareness, education, and free security tools.

© 2026 SchoolBreach.org · A community service by OceanEd

Navigate

  • Breaches
  • Trends
  • Tools
  • Learn
  • Methodology

Company

  • About
  • Privacy Policy
  • Terms of Service
  • Contact Us

Disclaimer: This tracker is maintained for educational and awareness purposes. Incidents are documented using threat intelligence monitoring, Philippine media reports, NPC filings, and responsible disclosures. Social media platforms are monitored for leads and are corroborated before publication or naming — never through active scanning or exploitation. Severity ratings and summaries are prepared with AI assistance and reviewed editorially. Full methodology →

Back to Breach Tracker
Unauthorized Access
HighConfirmed

Romblon State University (RSU)

Hacktivist group 'DeathNote Hacker Philippines' breached Romblon State University's website, stealing personal information of students and faculty members.

April 22, 2025Odiongan, Romblon, MIMAROPAUnknown records affected

Key Facts

Date of Incident
April 22, 2025
Date Discovered
April 22, 2025
Records Affected
Unknown
Source
Philippine News Agency (PNA)
Data Types Exposed
Student personal informationFaculty personal informationInternal school records
Response / Action Taken

RSU management convened to assess damage. DOST Romblon confirmed the attack. RSU issued an official statement on Facebook.

What Happened

In April 2025, a hacktivist group calling itself "DeathNote Hacker Philippines" breached the website of Romblon State University (RSU) in Odiongan, Romblon. The group claimed to have stolen the personal information of both students and faculty members.

RSU's management convened to assess the extent of the damage. RSU spokesperson Sherryll Sweetah Fetalvero confirmed the incident through online statements.

Motive

The attackers stated they were motivated by:

  • Alleged misconduct by faculty members
  • Frustration over unchanged class schedules despite extreme heat conditions

This positions the attack as hacktivism — using cyberattacks to draw attention to grievances rather than for financial gain.

What Was Compromised

The group claimed to have stolen:

  • Student personal information — names, contact details, and potentially academic records
  • Faculty personal information — staff details and employment records
  • Internal school records — the full extent of exfiltrated data is still being assessed

Response

The Department of Science and Technology (DOST) Romblon director Marcelina Servañez confirmed the cyberattack, stating that RSU "is capable of addressing the situation with little help from outside parties."

RSU issued an official statement on their Facebook page acknowledging the data breach incident.

Why This Breach Matters

  • Hacktivist targeting of universities — Philippine hacktivist groups like DeathNote Hacker Philippines are part of a growing trend of cyber activists targeting educational institutions
  • Grievance-driven attacks — even seemingly minor institutional complaints (like class schedules) can motivate threat actors to breach systems and expose personal data
  • Data of students at risk — regardless of the attacker's stated motive, the personal information of students and faculty is now potentially compromised
  • Regional universities are targets too — not just Manila-based institutions; schools in provincial areas like Romblon are equally at risk

Lessons for Schools

  1. 1.Any grievance can become a motive — schools should not assume they are too small or too remote to be targeted
  2. 2.Website security is critical — web applications are the most common entry point for attacks
  3. 3.Incident response planning — RSU's prompt assessment shows the value of having a response plan in place
  4. 4.NPC notification — if personal data was confirmed compromised, the school must notify the NPC within 72 hours under the Data Privacy Act

Sources & References

All sources are independently verified. Access dates and archive links are recorded for each citation.

  1. [1]
    PNA Report — Romblon State U assesses data breach after website hacking
  2. [2]
    RSU Official Statement (Facebook) — Official statement from Romblon State University on the data breach incident
  3. [3]
    PNA Follow-up Report — Philippine News Agency follow-up coverage on the Romblon State University data breach investigation
RSURomblonMIMAROPAhacktivistDeathNote Hacker Philippinesuniversityfaculty datastudent data

Related Incidents

High

A private college in Davao City

March 3, 2026

High

A state university in MIMAROPA

May 2, 2026

Critical

DepEd Tayo Roxas City

March 8, 2026

Know of a Breach?

Help us keep this tracker accurate and complete. Report school data breaches confidentially.

Report a Breach

Is This Entry Inaccurate?

If you represent the named institution or have evidence that corrects or updates this entry, you can request a correction or submit an official statement for publication.

We review all correction requests and respond within 5 business days. Verified corrections are applied promptly. Institutions may also submit a statement that will appear on this page as a right of reply.

Request a Correction

Protect Your School

Use our free tools and guides to assess your school's security posture.

Free Security ToolsGuides & Resources