SchoolBreach.org
BreachesTrendsToolsLearnAbout
Free Security Check
Security Check
SchoolBreach.org

A public resource tracking data breaches in Philippine schools. Helping administrators protect student data through awareness, education, and free security tools.

© 2026 SchoolBreach.org · A community service by OceanEd

Navigate

  • Breaches
  • Trends
  • Tools
  • Learn
  • Methodology

Company

  • About
  • Privacy Policy
  • Terms of Service
  • Contact Us

Disclaimer: This tracker is maintained for educational and awareness purposes. Incidents are documented using threat intelligence monitoring, Philippine media reports, NPC filings, and responsible disclosures. Social media platforms are monitored for leads and are corroborated before publication or naming — never through active scanning or exploitation. Severity ratings and summaries are prepared with AI assistance and reviewed editorially. Full methodology →

Back to Breach Tracker
Database Leak
CriticalConfirmed

University of San Carlos (USC)

A 1.42GB data leak from the University of San Carlos exposed 155,300 partial student records and 11,877 complete Form 137 permanent academic transcripts — official documents containing a student's lifetime academic history, posing extreme risk of lifelong identity theft.

August 21, 2025Cebu City, Central Visayas167,000+ records affected

Key Facts

Date of Incident
August 21, 2025
Date Discovered
August 21, 2025
Records Affected
167,000+
1.42 GB total
Source
Brinztech
Data Types Exposed
Student namesPlaces of birthAddressesLearner Reference Numbers (LRN)Dates of birthForm 137 permanent academic recordsComplete grade history
Response / Action Taken

The USC Supreme Student Council issued a public advisory on August 22, 2025 confirming the breach and urging students and alumni to safeguard their digital security. The University's IRMO stated the circulated data appears to be in PDF form and did not originate directly from core database systems, and confirmed active investigation. Affected individuals were directed to report suspicious activity to ict-incident@usc.edu.ph.

What Happened

On August 21, 2025, cybersecurity firm Brinztech reported a significant data breach impacting the University of San Carlos (USC), a prominent educational institution in Cebu City, Philippines. The leak involves two large sets of student data totaling 1.42GB, including complete permanent academic records.

This was one of three Philippine universities breached within a single week in August 2025, alongside Naga College Foundation and UP Mindanao.

Data Exposed

The compromised data is separated into two categories:

Partial Student Records (155,300 records):

  • Full student names
  • Places of birth
  • Home addresses
  • Learner Reference Numbers (LRN)
  • Dates of birth

Complete Academic Records (11,877 records):

  • Full Form 137 files — in the Philippines, a Form 137 is a student's permanent and official academic transcript containing a comprehensive history of their grades and personal details

Why This Breach Is Critical

The exposure of Form 137 documents makes this one of the most damaging school breaches in the Philippines:

  • Lifelong identity theft risk — Form 137 contains a lifetime of personal and academic data. Unlike passwords that can be reset, a permanent academic record cannot be changed. Criminals can use this data for sophisticated identity theft for years to come
  • Fraudulent academic credentials — leaked Form 137s could be used to create counterfeit academic records for employment fraud, professional licensing, or university admissions
  • Large-scale phishing — 155,300 partial records with names, addresses, and birth dates provide a massive target list for phishing and fraud campaigns
  • Data Privacy Act violation — the scope of this breach likely triggers a mandatory NPC investigation and significant penalties under Philippine law

How This Attack Likely Works

A breach of this scale (1.42GB across two data categories) suggests:

  • Database compromise — the attacker gained direct access to the university's student records database, likely through SQL injection, compromised credentials, or an unpatched vulnerability
  • Document storage access — the Form 137 files indicate the attacker also accessed a file storage system where digitized academic records are kept, suggesting broader system compromise beyond just the database
  • Prolonged access — extracting 1.42GB of organized data suggests the attacker had sustained access rather than a quick grab

Institutional Response

On August 22, 2025, the USC Supreme Student Council (SSC) issued a public advisory on social media (@ssc_usc) stating that the incident "extends beyond the scope of phishing and ransomware schemes, as previously stated by the administration" and confirmed "a significant data breach has occurred, resulting in the exposure of thousands of Carolinians' private information online." The SSC said it had formally communicated with the administration and was awaiting their official response. It urged all Carolinians — including alumni who may also be affected — to take precautionary steps to safeguard their digital security.

The University's Information Resource Management Office (IRMO) noted that the data being circulated appears to be in PDF form and did not originate directly from the University's core database systems. While IRMO stated there was no indication of unauthorized direct access to the databases, it confirmed it was actively investigating and monitoring the situation. Affected individuals were advised to report any suspicious activity to ict-incident@usc.edu.ph.

How to Prevent This

  1. 1.Encrypt sensitive documents at rest — Form 137s and other official records should be encrypted in storage so they are unreadable even if the storage system is compromised
  2. 2.Implement strict access controls for academic records — only authorized registrar staff should be able to access Form 137 files, with full audit logging of every access
  3. 3.Separate document storage from web-facing systems — keep digitized academic records on isolated storage systems that are not directly accessible from the internet or the web application
  4. 4.Deploy data loss prevention (DLP) tools — monitor for and block large file transfers or bulk data exports from student records systems
  5. 5.Conduct regular vulnerability assessments — test all student-facing and registrar systems for SQL injection, authentication bypass, and other common vulnerabilities
  6. 6.Tokenize sensitive identifiers — where possible, use tokenized references instead of storing raw LRNs, birth dates, and addresses in application databases
  7. 7.Notify affected students promptly — comply with the Data Privacy Act's 72-hour notification requirement and advise students to monitor for identity theft

Sources & References

All sources are independently verified. Access dates and archive links are recorded for each citation.

  1. [1]
    Brinztech — Brinztech Alert: 155k student records from the University of San Carlos leaked (Aug 21, 2025)
  2. [2]
    Deep Web Konek — University of San Carlos data breach exposes over 155,000 student records
  3. [3]
    USC Supreme Student Council (@ssc_usc) — USC SSC Data Breach Advisory (Aug 22, 2025) — confirmed the breach extends beyond phishing/ransomware, urged Carolinians and alumni to secure their digital accounts, and advised reporting suspicious activity to ict-incident@usc.edu.ph
USCCebuForm 137academic recordsdatabase leakidentity theft

Related Incidents

Critical

A private medical college in Cebu City

June 24, 2026

Critical

A private IT-focused university chain in the Philippines

May 27, 2026

Critical

A state university in Mindanao

May 10, 2026

Know of a Breach?

Help us keep this tracker accurate and complete. Report school data breaches confidentially.

Report a Breach

Is This Entry Inaccurate?

If you represent the named institution or have evidence that corrects or updates this entry, you can request a correction or submit an official statement for publication.

We review all correction requests and respond within 5 business days. Verified corrections are applied promptly. Institutions may also submit a statement that will appear on this page as a right of reply.

Request a Correction

Protect Your School

Use our free tools and guides to assess your school's security posture.

Free Security ToolsGuides & Resources