Database Leak
Critical | Confirmed

University of the Philippines Mindanao (UP Mindanao)

A threat actor claiming affiliation with DeathNote Hackers (DNH) leaked approximately 19,000 records from UP Mindanao, including faculty personal data and student academic records, after an initial website defacement that the university had denied was a breach.

August 12, 2025 | Davao City, Davao Region | 19,000+ records affected

Key Facts

Date of Incident: August 12, 2025
Date Discovered: August 12, 2025
Records Affected: 19,000+
Data Types Exposed: Date of birth, Employee IDs, Full names, Marital status, Gender, Email addresses, Student numbers, Degree programs, Enrollment timelines
Response / Action Taken

UP Mindanao initially denied a breach after the defacement. The subsequent data dump confirmed the breach.

What Happened

In August 2025, a threat actor using the aliases "D4rkM4tt3r" or "JakeTheDog," claiming affiliation with the hacker group DeathNote Hackers (DNH), released a 1.3 MB CSV file containing approximately 19,000 records from the University of the Philippines Mindanao.

The breach was preceded by a website defacement incident earlier in the month. On August 12, UP Mindanao released an advisory stating that no breach had occurred following the initial defacement report. However, this denial was contradicted when the threat actors subsequently released the data dump with screenshots showing sample data, confirming the breach's authenticity.

This was the third Philippine university breached within one week, following breaches at Naga College Foundation Inc. and the University of San Carlos, raising concerns about cybersecurity across the country's higher education sector.

Data Exposed

Faculty records included:

  • Date of birth
  • Employee IDs
  • Full names
  • Marital status
  • Gender
  • Email addresses

Student records included:

  • Student numbers
  • Full names
  • Degree programs
  • Enrollment timelines
  • Registration status
  • College and department
  • Year level and curriculum
  • Registration advisers
  • University email addresses

Why This Breach Is Significant

The University of the Philippines is the country's national university and most prestigious public institution. A breach at UP Mindanao carries outsized reputational impact and signals that even well-resourced institutions remain vulnerable.

The initial denial followed by confirmed data release also highlights a common failure pattern — downplaying a defacement as cosmetic damage when in reality the attacker had deeper access to backend systems and databases.

How This Attack Likely Works

The progression from website defacement to data exfiltration is a common attack pattern:

  1. Initial compromise — the attacker gains access through a web application vulnerability (SQL injection, file upload flaw, or unpatched CMS)
  2. Website defacement — the attacker modifies the homepage to announce their presence (this is often a diversion or proof of access)
  3. Data exfiltration — while the institution focuses on restoring the defaced website, the attacker extracts database contents through the same vulnerability
  4. Public release — the data is posted on cybercrime forums or leaked publicly, often after the institution denies a breach

How to Prevent This

  1. Treat every defacement as a potential full breach — if an attacker can modify your website, assume they can also access your database. Launch a full forensic investigation, not just a website restoration
  2. Implement a Web Application Firewall (WAF) — block common attack vectors like SQL injection and file upload exploits before they reach your application
  3. Segment web servers from database servers — ensure the web server cannot directly query student/faculty databases without going through a secured API layer
  4. Deploy intrusion detection systems (IDS) — monitor for unauthorized database queries, bulk data exports, and suspicious file access patterns
  5. Prepare honest incident communications — premature denials that are later contradicted by evidence severely damage institutional credibility. Acknowledge incidents early and update stakeholders as the investigation progresses
  6. Conduct regular penetration testing — test all public-facing systems at least annually, especially student portals and information systems
  7. Patch web applications promptly — prioritize security updates for CMS platforms, student portals, and any internet-facing applications
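
Added example (not from UP Mindanao or the cited report): a post-defacement triage of web access logs that flags any client which both made a successful write request and received an unusually large dynamic response, the combination points 1 and 4 above say to look for. It assumes combined-format access logs; the IP addresses, paths, and 1 MB threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in combined log format (illustrative, not real data).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Aug/2025:01:02:11 +0800] "POST /admin/upload.php HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.7 - - [12/Aug/2025:01:03:40 +0800] "GET /index.php HTTP/1.1" 200 4096 "-" "curl/8.0"
203.0.113.7 - - [12/Aug/2025:01:09:02 +0800] "GET /portal/report.php?export=all HTTP/1.1" 200 1363148 "-" "curl/8.0"
198.51.100.20 - - [12/Aug/2025:01:10:15 +0800] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Aug/2025:01:10:16 +0800] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.33 - - [12/Aug/2025:01:12:00 +0800] "GET /files/handbook.pdf HTTP/1.1" 200 2500000 "-" "Mozilla/5.0"
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)')
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
# Large static files are expected traffic; only dynamic endpoints count as bulk export.
STATIC_EXT = (".pdf", ".jpg", ".png", ".css", ".js", ".zip", ".mp4")

def triage(log_text, bulk_bytes=1_000_000):
    """Return ({ip: {"writes": [...], "bulk": [...]}}, skipped_line_count)."""
    writes, bulk, skipped = defaultdict(list), defaultdict(list), 0
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            skipped += 1  # malformed lines are counted, never silently dropped
            continue
        ip, ts, method, path, status, size = m.groups()
        size = 0 if size == "-" else int(size)
        if not status.startswith("2"):
            continue  # only successful requests changed or returned anything
        if method in WRITE_METHODS:
            writes[ip].append((ts, path))
        is_static = path.split("?")[0].lower().endswith(STATIC_EXT)
        if size >= bulk_bytes and not is_static:
            bulk[ip].append((ts, path, size))
    # A client that both wrote to the site and pulled bulk data warrants forensics.
    findings = {ip: {"writes": writes[ip], "bulk": bulk[ip]}
                for ip in writes if ip in bulk}
    return findings, skipped

if __name__ == "__main__":
    found, skipped = triage(SAMPLE_LOG)
    for ip, ev in found.items():
        print(ip, "writes:", ev["writes"], "bulk:", ev["bulk"])
    print("unparsed lines:", skipped)
```

A non-zero unparsed count means the log format differs from the assumed one, so an empty findings set cannot be taken as a clean result.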

Sources & References

  [1] Deep Web Konek. UP Mindanao data breach exposes thousands of student and faculty records — threat actor 'D4rkM4tt3r' / DeathNote Hackers