SchoolBreach.org
BreachesTrendsToolsLearnAbout
Free Security Check
Security Check
SchoolBreach.org

A public resource tracking data breaches in Philippine schools. Helping administrators protect student data through awareness, education, and free security tools.

© 2026 SchoolBreach.org · A community service by OceanEd

Navigate

  • Breaches
  • Trends
  • Tools
  • Learn
  • Methodology

Company

  • About
  • Privacy Policy
  • Terms of Service
  • Contact Us

Disclaimer: This tracker is maintained for educational and awareness purposes. Incidents are documented using threat intelligence monitoring, Philippine media reports, NPC filings, and responsible disclosures. Social media platforms are monitored for leads and are corroborated before publication or naming — never through active scanning or exploitation. Severity ratings and summaries are prepared with AI assistance and reviewed editorially. Full methodology →

Back to Breach Tracker
Unauthorized Access
MediumResolved

University of St. La Salle (USLS)

The Pinoy Grayhats hacker group breached the University of St. La Salle student portal (apps.usls.edu.ph) as part of their June 2020 campaign exposing vulnerabilities in Philippine school websites.

June 17, 2020Bacolod, Negros Occidental, Western VisayasUnknown records affected

Key Facts

Date of Incident
June 17, 2020
Date Discovered
June 17, 2020
Records Affected
Unknown
Source
GitHub (ajdumanhug/gothacked)
Data Types Exposed
Student portal dataStudent personal information
Response / Action Taken

The university addressed the vulnerabilities after the breach was publicized.

What Happened

On June 17, 2020, the Pinoy Grayhats hacker group gained unauthorized access to the student portal of the University of St. La Salle (USLS) at apps.usls.edu.ph in Bacolod City.

This breach was part of a coordinated campaign by Pinoy Grayhats and the Philippine Hacking University (PHU) community to expose security vulnerabilities in Philippine educational institutions during the rapid shift to online learning caused by the COVID-19 pandemic.

How the Attack Worked

The attackers exploited common web application vulnerabilities found across Philippine school portals:

  • Missing or expired SSL certificates — leaving data transmissions unencrypted
  • Weak authentication — admin credentials vulnerable to brute-force attacks
  • Unpatched software — outdated CMS and web frameworks with known vulnerabilities

What Was Potentially Exposed

Student portals like USLS's typically contain:

  • Student names, IDs, and contact information
  • Academic records and grades
  • Enrollment and financial data

Context

On the same day (June 17, 2020), Pinoy Grayhats also breached Far Eastern University, Cebu Normal University, Tarlac Agricultural University, ICCT Colleges, and AMA University — demonstrating the scale of vulnerabilities across Philippine schools.

Lessons for Schools

  1. 1.Ensure SSL certificates are current — expired certificates are a red flag that basic security hygiene is neglected
  2. 2.Implement strong authentication — enforce complex passwords and account lockout policies on all admin and student portals
  3. 3.Keep all software updated — apply security patches promptly for CMS platforms, web servers, and application frameworks
  4. 4.Conduct vulnerability assessments — regularly scan student-facing systems for known vulnerabilities

Sources & References

All sources are independently verified. Access dates and archive links are recorded for each citation.

  1. [1]
    GitHub Registry — Community-maintained registry of Philippine school hacking incidents (May-June 2020)
  2. [2]
    Manila Bulletin — Anatomy of a hack: How hackers breached vulnerable PH schools (July 1, 2020)
USLSBacolodWestern VisayasPinoy Grayhats2020pandemicstudent portal

Related Incidents

Medium

ICCT Colleges

June 17, 2020

Medium

Angeles University Foundation (AUF)

June 19, 2020

Medium

Technological Institute of the Philippines (TIP) Career Center

June 19, 2020

Know of a Breach?

Help us keep this tracker accurate and complete. Report school data breaches confidentially.

Report a Breach

Is This Entry Inaccurate?

If you represent the named institution or have evidence that corrects or updates this entry, you can request a correction or submit an official statement for publication.

We review all correction requests and respond within 5 business days. Verified corrections are applied promptly. Institutions may also submit a statement that will appear on this page as a right of reply.

Request a Correction

Protect Your School

Use our free tools and guides to assess your school's security posture.

Free Security ToolsGuides & Resources