SchoolBreach.org
BreachesTrendsToolsLearnAbout
Free Security Check
Security Check
SchoolBreach.org

A public resource tracking data breaches in Philippine schools. Helping administrators protect student data through awareness, education, and free security tools.

© 2026 SchoolBreach.org · A community service by OceanEd

Navigate

  • Breaches
  • Trends
  • Tools
  • Learn
  • Methodology

Company

  • About
  • Privacy Policy
  • Terms of Service
  • Contact Us

Disclaimer: This tracker is maintained for educational and awareness purposes. Incidents are documented using threat intelligence monitoring, Philippine media reports, NPC filings, and responsible disclosures. Social media platforms are monitored for leads and are corroborated before publication or naming — never through active scanning or exploitation. Severity ratings and summaries are prepared with AI assistance and reviewed editorially. Full methodology →

Back to Breach Tracker
Unauthorized Access
CriticalResolved

San Beda University (SBU)

A hacker defaced San Beda University's student portal with a 'Doomsday' countdown and exfiltrated approximately 400,000 user credentials stored in plaintext logs, including students, parents, faculty, and alumni. The NBI arrested the 21-year-old hacker.

June 4, 2020Manila, National Capital Region400,000+ records affected

Key Facts

Date of Incident
June 4, 2020
Date Discovered
June 2, 2020
Records Affected
400,000+
16 GB total
Source
Rappler
Data Types Exposed
Student namesBirthdaysPostal addressesEmail addressesStudent gradesStatements of accountUser credentials (plaintext)Parent informationFaculty informationAlumni information
Response / Action Taken

SBU reported to NBI and NPC. Hacker arrested. Independent security audit commissioned. Community advised to reset passwords and enable MFA.

What Happened

On June 2, 2020, IT administrators at San Beda University (SBU) detected penetration of their web servers hosting the student portal (sis.sanbeda.edu.ph). On June 4, users trying to access the portal were met with a message reading "Server Pawned" along with a "Doomsday" countdown timer set for approximately 7 days.

The unknown hackers republished the "Doomsday" countdown on June 5, after the university attempted to restore the portal.

How the Attack Happened

SBU stated the hacker got through the system set up by Princtech Company, the third-party vendor that developed their student portal. A critical flaw was discovered: the student portal had been logging all errors containing user credentials in clear text format. This allowed the attacker to obtain approximately 400,000 user logins between 2019–2020.

The attacker was also simultaneously sending out pharming links to trick members of the SBU community into sharing more personal information.

Data Exposed

  • Student names, birthdays, and postal addresses
  • Email addresses
  • Student grades and academic records
  • Statements of account (financial records)
  • Approximately 400,000 user credentials in plaintext — covering students, parents, faculty, and alumni from 2019–2020

Response

SBU took swift action:

  • Reported the breach to the National Bureau of Investigation (NBI) and the National Privacy Commission (NPC)
  • Demanded Princtech Company explain the security failure
  • Hired independent IT experts to audit the system and recommend a complete redesign
  • Called on the entire SBU community to change all passwords and enable two-step authentication
  • Issued a public apology

Arrest

The NBI launched a cybersurveillance operation after SBU filed a formal complaint. Through their investigation, the NBI identified the handler "@solus" — identified as John Raven Aquino, a 21-year-old who was the founder and leader of the Global Security Hacker Group (GSH). Aquino was arrested, making this one of the few Philippine school hacking cases to result in a criminal prosecution.

How to Prevent This

  1. 1.Never log credentials in plaintext — application error logs must never contain passwords, session tokens, or authentication data. Audit all logging configurations immediately
  2. 2.Audit third-party vendor security — before deploying any student portal, require the vendor to demonstrate secure coding practices, penetration test results, and compliance with security standards
  3. 3.Implement credential hashing — all passwords must be hashed with bcrypt, scrypt, or Argon2. If your vendor stores or logs passwords in plaintext, this is a contract-terminating security failure
  4. 4.Deploy Web Application Firewall (WAF) — to block common attack vectors before they reach the application
  5. 5.Enable multi-factor authentication (MFA) — even if credentials are compromised, MFA prevents unauthorized login
  6. 6.Report breaches to the NBI and NPC promptly — SBU's swift reporting led to the arrest of the hacker, demonstrating the value of coordinating with law enforcement
  7. 7.Conduct regular security audits of vendor-provided systems — do not assume third-party vendors maintain adequate security

Sources & References

All sources are independently verified. Access dates and archive links are recorded for each citation.

  1. [1]
    Rappler — Initial report: San Beda University student portal down after apparent hack (June 4, 2020)
  2. [2]
    Rappler — Follow-up: San Beda seeks NBI and NPC help to track hacker; Princtech identified as vendor (June 7, 2020)
  3. [3]
    Rappler — 'Doomsday' warning for San Beda University resurfaces (June 5, 2020)
  4. [4]
    Manila Bulletin — San Beda student portal hacked — breach details, data types exposed, Princtech mention (June 7, 2020)
  5. [5]
    GMA News — NBI arrests 21-year-old John Raven Aquino for allegedly hacking university website (June 28, 2020)
  6. [6]
    Rappler — Amid investigation, alleged San Beda hackers release '16GB database of San Beda'
  7. [7]
    GitHub (ajdumanhug/gothacked) — Registry of Philippine school hacking incidents — San Beda listed June 8, 2020
San Bedastudent portalNBI arrestplaintext credentialsManilaPrinctechNPC

Related Incidents

Medium

Polytechnic University of the Philippines (PUP)

June 17, 2020

High

Far Eastern University (FEU)

June 16, 2020

Critical

DepEd Online Voucher Application Program (OVAP)

February 20, 2024

Know of a Breach?

Help us keep this tracker accurate and complete. Report school data breaches confidentially.

Report a Breach

Is This Entry Inaccurate?

If you represent the named institution or have evidence that corrects or updates this entry, you can request a correction or submit an official statement for publication.

We review all correction requests and respond within 5 business days. Verified corrections are applied promptly. Institutions may also submit a statement that will appear on this page as a right of reply.

Request a Correction

Protect Your School

Use our free tools and guides to assess your school's security posture.

Free Security ToolsGuides & Resources