SchoolBreach.org
BreachesTrendsToolsLearnAbout
Free Security Check
Security Check
SchoolBreach.org

A public resource tracking data breaches in Philippine schools. Helping administrators protect student data through awareness, education, and free security tools.

© 2026 SchoolBreach.org · A community service by OceanEd

Navigate

  • Breaches
  • Trends
  • Tools
  • Learn
  • Methodology

Company

  • About
  • Privacy Policy
  • Terms of Service
  • Contact Us

Disclaimer: This tracker is maintained for educational and awareness purposes. Incidents are documented using threat intelligence monitoring, Philippine media reports, NPC filings, and responsible disclosures. Social media platforms are monitored for leads and are corroborated before publication or naming — never through active scanning or exploitation. Severity ratings and summaries are prepared with AI assistance and reviewed editorially. Full methodology →

Back to Breach Tracker
Unauthorized Access
HighResolved

University of Mindanao (UM)

The University of Mindanao's student portal was breached by the Pinoy Grayhats group with data leakage reported, as part of the June 2020 wave of attacks on Philippine universities.

June 18, 2020Davao City, Davao RegionUnknown records affected

Key Facts

Date of Incident
June 18, 2020
Date Discovered
June 18, 2020
Records Affected
Unknown
Source
Manila Bulletin
Data Types Exposed
Student portal dataStudent personal information
Response / Action Taken

On June 18, 2020 — the same day as the breach — the University of Mindanao issued an official statement acknowledging that the UM Student Portal had been the subject of a security breach and stating that its Information and Communications Technology (ICT) team was investigating the matter thoroughly. The statement did not detail what data was accessed, how the breach occurred, or specify remediation steps.

What Happened

On June 18, 2020, the University of Mindanao's student portal (student.umindanao.edu.ph) was breached by the hacker group Pinoy Grayhats. This was classified as a "Security Breach / Data Leakage" — meaning student data was not only accessed but also exfiltrated or published.

The attack occurred as part of a broader campaign that targeted multiple Philippine universities during June 2020.

Data Exposed

Student personal data from the student portal was leaked. The specific scope and types of data exposed were not publicly disclosed.

Broader Context

The University of Mindanao was one of over 20 Philippine schools hacked in June 2020 alone. The attacks coincided with the shift to online education during the COVID-19 pandemic.

How to Prevent This

  1. 1.Conduct penetration testing on student portals — especially before deploying them for online learning
  2. 2.Use parameterized queries — prevent SQL injection in all database-backed applications
  3. 3.Implement data encryption — encrypt sensitive student data at rest and in transit
  4. 4.Deploy a Web Application Firewall (WAF) — to block common web attack vectors
  5. 5.Enable access logging and monitoring — detect unauthorized data access in real-time

Institution Statement

Right of Reply — Official statement from the named institution

Just today, the UM Student Portal has been a subject of latest security breach. We would like to reassure everyone that our Information and Communications Technology (ICT) team is investigating this matter thoroughly.

Sources & References

All sources are independently verified. Access dates and archive links are recorded for each citation.

  1. [1]
    Manila Bulletin — FEU calls on students to reset passwords — UM mentioned in broader wave (June 19, 2020)
  2. [2]
    Rappler — FEU investigating possible hack — University of Mindanao listed among Pinoy Grayhats targets
  3. [3]
    Secuna Blog — More than 20 Philippine schools hacked just this June — UM listed among affected institutions
  4. [4]
    GitHub (ajdumanhug/gothacked) — Registry of Philippine school hacking incidents — UM listed June 18, 2020 by Pinoy Grayhats, classified as Data Leakage
  5. [5]
    University of Mindanao — UM's official statement on the student portal hacking incident (June 18, 2020)
UMUniversity of MindanaoDavaoPinoy Grayhatsdata leakageCOVID-19 online learning

Related Incidents

High

Rizal Technological University (RTU)

June 29, 2020

High

Our Lady of Fatima University (OLFU)

June 25, 2020

Medium

Bulacan State University (BulSU)

June 18, 2020

Know of a Breach?

Help us keep this tracker accurate and complete. Report school data breaches confidentially.

Report a Breach

Is This Entry Inaccurate?

If you represent the named institution or have evidence that corrects or updates this entry, you can request a correction or submit an official statement for publication.

We review all correction requests and respond within 5 business days. Verified corrections are applied promptly. Institutions may also submit a statement that will appear on this page as a right of reply.

Request a Correction

Protect Your School

Use our free tools and guides to assess your school's security posture.

Free Security ToolsGuides & Resources