SchoolBreach.org
BreachesTrendsToolsLearnAbout
Free Security Check
Security Check
SchoolBreach.org

A public resource tracking data breaches in Philippine schools. Helping administrators protect student data through awareness, education, and free security tools.

© 2026 SchoolBreach.org · A community service by OceanEd

Navigate

  • Breaches
  • Trends
  • Tools
  • Learn
  • Methodology

Company

  • About
  • Privacy Policy
  • Terms of Service
  • Contact Us

Disclaimer: This tracker is maintained for educational and awareness purposes. Incidents are documented using threat intelligence monitoring, Philippine media reports, NPC filings, and responsible disclosures. Social media platforms are monitored for leads and are corroborated before publication or naming — never through active scanning or exploitation. Severity ratings and summaries are prepared with AI assistance and reviewed editorially. Full methodology →

Back to Breach Tracker
Database Leak
CriticalConfirmed

University of the Philippines Mindanao (UP Mindanao)

A threat actor claiming affiliation with DeathNote Hackers (DNH) leaked approximately 19,000 records from UP Mindanao, including faculty personal data and student academic records, after an initial website defacement that the university had denied was a breach.

August 12, 2025Davao City, Davao Region19,000+ records affected

Key Facts

Date of Incident
August 12, 2025
Date Discovered
August 12, 2025
Records Affected
19,000+
Source
Deep Web Konek
Data Types Exposed
Date of birthEmployee IDsFull namesMarital statusGenderEmail addressesStudent numbersDegree programsEnrollment timelines
Response / Action Taken

UP Mindanao initially denied breach after defacement. Data dump subsequently confirmed the breach.

What Happened

In August 2025, a threat actor using the aliases "D4rkM4tt3r" or "JakeTheDog," claiming affiliation with the hacker group DeathNote Hackers (DNH), released a 1.3 MB CSV file containing approximately 19,000 records from the University of the Philippines Mindanao.

The breach was preceded by a website defacement incident earlier in the month. On August 12, UP Mindanao released an advisory stating that no breach had occurred following the initial defacement report. However, this denial was contradicted when the threat actors subsequently released the data dump with screenshots showing sample data, confirming the breach's authenticity.

This was the third Philippine university breached within one week, following breaches at Naga College Foundation Inc. and the University of San Carlos, raising concerns about cybersecurity across the country's higher education sector.

Data Exposed

Faculty records included:

  • Date of birth
  • Employee IDs
  • Full names
  • Marital status
  • Gender
  • Email addresses

Student records included:

  • Student numbers
  • Full names
  • Degree programs
  • Enrollment timelines
  • Registration status
  • College and department
  • Year level and curriculum
  • Registration advisers
  • University email addresses

Why This Breach Is Significant

The University of the Philippines is the country's national university and most prestigious public institution. A breach at UP Mindanao carries outsized reputational impact and signals that even well-resourced institutions remain vulnerable.

The initial denial followed by confirmed data release also highlights a common failure pattern — downplaying a defacement as cosmetic damage when in reality the attacker had deeper access to backend systems and databases.

How This Attack Likely Works

The progression from website defacement to data exfiltration is a common attack pattern:

  1. 1.Initial compromise — the attacker gains access through a web application vulnerability (SQL injection, file upload flaw, or unpatched CMS)
  2. 2.Website defacement — the attacker modifies the homepage to announce their presence (this is often a diversion or proof of access)
  3. 3.Data exfiltration — while the institution focuses on restoring the defaced website, the attacker extracts database contents through the same vulnerability
  4. 4.Public release — the data is posted on cybercrime forums or leaked publicly, often after the institution denies a breach

How to Prevent This

  1. 1.Treat every defacement as a potential full breach — if an attacker can modify your website, assume they can also access your database. Launch a full forensic investigation, not just a website restoration
  2. 2.Implement Web Application Firewall (WAF) — block common attack vectors like SQL injection and file upload exploits before they reach your application
  3. 3.Segment web servers from database servers — ensure the web server cannot directly query student/faculty databases without going through a secured API layer
  4. 4.Deploy intrusion detection systems (IDS) — monitor for unauthorized database queries, bulk data exports, and suspicious file access patterns
  5. 5.Prepare honest incident communications — premature denials that are later contradicted by evidence severely damage institutional credibility. Acknowledge incidents early and update stakeholders as the investigation progresses
  6. 6.Conduct regular penetration testing — test all public-facing systems at least annually, especially student portals and information systems
  7. 7.Patch web applications promptly — prioritize security updates for CMS platforms, student portals, and any internet-facing applications

Sources & References

All sources are independently verified. Access dates and archive links are recorded for each citation.

  1. [1]
    Deep Web Konek — UP Mindanao data breach exposes thousands of student and faculty records — threat actor 'D4rkM4tt3r' / DeathNote Hackers
  2. [2]
    MindaNews — UPMins online enrollment system hacked
UP MindanaoDeathNote HackersDavaodatabase leakwebsite defacementDeep Web KonekUP System

Related Incidents

High

University of Southeastern Philippines (USeP)

September 1, 2025

Critical

A private medical college in Cebu City

June 24, 2026

Critical

Two educational institutions in San Fernando, La Union

March 29, 2026

Know of a Breach?

Help us keep this tracker accurate and complete. Report school data breaches confidentially.

Report a Breach

Is This Entry Inaccurate?

If you represent the named institution or have evidence that corrects or updates this entry, you can request a correction or submit an official statement for publication.

We review all correction requests and respond within 5 business days. Verified corrections are applied promptly. Institutions may also submit a statement that will appear on this page as a right of reply.

Request a Correction

Protect Your School

Use our free tools and guides to assess your school's security posture.

Free Security ToolsGuides & Resources