What Happened
On June 18, 2020, the University of Mindanao's student portal (student.umindanao.edu.ph) was breached by the hacker group Pinoy Grayhats. This was classified as a "Security Breach / Data Leakage" — meaning student data was not only accessed but also exfiltrated or published.
The attack occurred as part of a broader campaign that targeted multiple Philippine universities during June 2020.
Data Exposed
Student personal data from the student portal was leaked. The specific scope and types of data exposed were not publicly disclosed.
Broader Context
The University of Mindanao was one of over 20 Philippine schools hacked in June 2020 alone. The attacks coincided with the shift to online education during the COVID-19 pandemic.
How to Prevent This
1. Conduct penetration testing on student portals — especially before deploying them for online learning
2. Use parameterized queries — prevent SQL injection in all database-backed applications
3. Implement data encryption — encrypt sensitive student data at rest and in transit
4. Deploy a Web Application Firewall (WAF) — to block common web attack vectors
5. Enable access logging and monitoring — detect unauthorized data access in real-time
Sources & References
- [1] Manila Bulletin — FEU calls on students to reset passwords — UM mentioned in broader wave (June 19, 2020)
- [2] Rappler — FEU investigating possible hack — University of Mindanao listed among Pinoy Grayhats targets
- [3] Secuna Blog — More than 20 Philippine schools hacked just this June — UM listed among affected institutions
- [4] GitHub (ajdumanhug/gothacked) — Registry of Philippine school hacking incidents — UM listed June 18, 2020 by Pinoy Grayhats, classified as Data Leakage