A step-by-step guide for school administrators to find out if their institution's data has been leaked — and what to do if it has.
If your school appears in the news, in an NPC advisory, or in someone's warning — or if you simply want to be proactive — this guide walks you through every step to find out whether your school's data is circulating outside your systems.
You don't need to be a cybersecurity expert. You need to be careful, methodical, and willing to act on what you find.
The fastest first step is to search SchoolBreach.org directly.
Use the search bar on the homepage and type your school name (or abbreviation — "DLSU", "DepEd Laguna", "UP Cebu" all work). If your institution appears here, you'll see the incident date, severity, records affected, and a link to the full report.
What the results mean:
Have I Been Pwned (haveibeenpwned.com) is the world's most widely used breach notification service. It aggregates data from thousands of known breach databases.
Go to haveibeenpwned.com and enter any school email address (yours, or a shared admin account like registrar@yourschool.edu.ph). HIBP will tell you if that address appears in any known breach.
HIBP offers a Domain Search that checks all email addresses under your school's domain at once.
What the results mean:
Several services aggregate breach data from cybercriminal forums, paste sites, and data dumps. These can surface breaches that haven't been widely reported yet.
IntelX (intelligence.cx):
A search engine for leaked data. The free tier lets you search by email domain or keyword. Search for your school's name, email domain, and common staff email patterns.
DeHashed (dehashed.com):
Aggregates breach data and allows domain-level searches. Free searches are limited; paid tiers provide full results. Useful for checking if school credentials have appeared in breach compilations.
Important: These tools show you that data exists — not what's in it. Their purpose here is detection, not access. Never attempt to download or access leaked data files.
Some leaked data ends up on paste sites (Pastebin, Ghostbin) or file-sharing services and gets indexed by Google. These searches help find publicly accessible leaks:
Search 1 — Paste sites:
Search: site:pastebin.com "yourschool.edu.ph"
Search 2 — SQL dump files:
Search: "yourschool.edu.ph" filetype:sql
Search 3 — School name in breach context:
Search: "[Your School Name]" data breach leaked
What finding results means:
Finding results doesn't mean your school was specifically targeted — some paste sites host scraped data from many sources. But finding your school's email addresses or student records in a paste is a significant signal worth investigating.
Regardless of what you find, do not:
Under the Data Privacy Act (RA 10173), if a breach involves sensitive personal information of 1,000 or more individuals, your school must notify the National Privacy Commission within 72 hours of discovering the breach.
Report at: privacy.gov.ph
Read the full response guide: What To Do When Your School Gets Breached
Finding no current breach is good — but staying clean requires ongoing effort.
The Site Scanner checks your school's public website for security headers, privacy compliance, and common vulnerabilities. Run it regularly (monthly is a good cadence).
Use the Email Security Checklist to verify your school's SPF, DKIM, and DMARC configuration. Email is the most common entry point for credential theft.
Once you've verified your domain on HIBP, you can set up domain monitoring to receive email notifications if new breaches involving your domain are discovered. This is free and automatic.
The School Cybersecurity Checklist covers the 10 most impactful security controls for Philippine schools — most of which are free or low-cost to implement.