What Happened
On June 18, 2020, the University of Mindanao's student portal (student.umindanao.edu.ph) was breached by the hacker group Pinoy Grayhats. This was classified as a "Security Breach / Data Leakage" — meaning student data was not only accessed but also exfiltrated or published.
The attack occurred as part of a broader campaign that targeted multiple Philippine universities during June 2020.
Data Exposed
Student personal data from the student portal was leaked. The specific scope and types of data exposed were not publicly disclosed.
Broader Context
The University of Mindanao was one of over 20 Philippine schools hacked in June 2020 alone. The attacks coincided with the shift to online education during the COVID-19 pandemic.
How to Prevent This
- 1.Conduct penetration testing on student portals — especially before deploying them for online learning
- 2.Use parameterized queries — prevent SQL injection in all database-backed applications
- 3.Implement data encryption — encrypt sensitive student data at rest and in transit
- 4.Deploy a Web Application Firewall (WAF) — to block common web attack vectors
- 5.Enable access logging and monitoring — detect unauthorized data access in real-time
Institution Statement
Right of Reply — Official statement from the named institution
Just today, the UM Student Portal has been a subject of latest security breach. We would like to reassure everyone that our Information and Communications Technology (ICT) team is investigating this matter thoroughly.Sources & References
All sources are independently verified. Access dates and archive links are recorded for each citation.
- [1]Manila Bulletin — FEU calls on students to reset passwords — UM mentioned in broader wave (June 19, 2020)
- [2]Rappler — FEU investigating possible hack — University of Mindanao listed among Pinoy Grayhats targets
- [3]Secuna Blog — More than 20 Philippine schools hacked just this June — UM listed among affected institutions
- [4]GitHub (ajdumanhug/gothacked) — Registry of Philippine school hacking incidents — UM listed June 18, 2020 by Pinoy Grayhats, classified as Data Leakage
- [5]University of Mindanao — UM's official statement on the student portal hacking incident (June 18, 2020)