SchoolBreach.org
BreachesTrendsToolsLearnAbout
Free Security Check
Security Check
SchoolBreach.org

A public resource tracking data breaches in Philippine schools. Helping administrators protect student data through awareness, education, and free security tools.

© 2026 SchoolBreach.org · A community service by OceanEd

Navigate

  • Breaches
  • Trends
  • Tools
  • Learn
  • Methodology

Company

  • About
  • Privacy Policy
  • Terms of Service
  • Contact Us

Disclaimer: This tracker is maintained for educational and awareness purposes. Incidents are documented using threat intelligence monitoring, Philippine media reports, NPC filings, and responsible disclosures. Social media platforms are monitored for leads and are corroborated before publication or naming — never through active scanning or exploitation. Severity ratings and summaries are prepared with AI assistance and reviewed editorially. Full methodology →

Back to Breach Tracker
Unauthorized Access
MediumResolved

Samar State University (SSU)

A hacker using the handle 'AR_404' breached the Samar State University website (ssu.edu.ph/AR.php) during the June 2020 wave of Philippine school cyberattacks.

June 28, 2020Catbalogan, Samar, Eastern VisayasUnknown records affected

Key Facts

Date of Incident
June 28, 2020
Date Discovered
June 28, 2020
Records Affected
Unknown
Source
GitHub (ajdumanhug/gothacked)
Data Types Exposed
Website contentStudent information
Response / Action Taken

SSU addressed the security vulnerabilities after the breach was disclosed.

What Happened

On June 28, 2020, a hacker using the handle "AR_404" gained unauthorized access to the website of Samar State University (SSU) at ssu.edu.ph. The attacker uploaded a PHP file (AR.php) to the server, demonstrating the ability to execute arbitrary code on the web server.

How the Attack Worked

The presence of an uploaded PHP file (AR.php) suggests the attacker exploited one of these common vulnerabilities:

  • Insecure file upload — the website allowed uploading of PHP files without proper validation
  • Remote code execution — a vulnerability in the web application allowed the attacker to write files to the server
  • Compromised credentials — the attacker gained access to FTP or CPanel credentials

Why This Breach Matters

  • Independent attacker — unlike most June 2020 school attacks attributed to Pinoy Grayhats, this came from a different actor (AR_404)
  • Code execution — uploading a PHP file indicates full server compromise, not just a surface-level defacement
  • Eastern Visayas targeting — along with NwSSU, this shows that schools in the Eastern Visayas region were specifically targeted

Lessons for Schools

  1. 1.Disable PHP file uploads — web applications should never allow users to upload executable files
  2. 2.Monitor file system changes — tools that detect new or modified files on the web server can catch intrusions early
  3. 3.Restrict server permissions — web server processes should run with minimal permissions to prevent file writes

Sources & References

All sources are independently verified. Access dates and archive links are recorded for each citation.

  1. [1]
    GitHub Registry — Community-maintained registry of Philippine school hacking incidents (May-June 2020)
SSUCatbaloganEastern VisayasAR_4042020pandemicPHP uploadstate university

Related Incidents

High

Northwest Samar State University (NwSSU)

June 27, 2020

High

Polytechnic University of the Philippines — Taguig (PUP Taguig)

June 27, 2020

High

De La Salle University (DLSU) — 2020 Data Leak

June 28, 2020

Know of a Breach?

Help us keep this tracker accurate and complete. Report school data breaches confidentially.

Report a Breach

Is This Entry Inaccurate?

If you represent the named institution or have evidence that corrects or updates this entry, you can request a correction or submit an official statement for publication.

We review all correction requests and respond within 5 business days. Verified corrections are applied promptly. Institutions may also submit a statement that will appear on this page as a right of reply.

Request a Correction

Protect Your School

Use our free tools and guides to assess your school's security posture.

Free Security ToolsGuides & Resources