A Data Breach Hits Naga College Foundation: Over 60,000 Student Records Leaked Online
A threat actor has claimed responsibility for leaking sensitive student application records from Naga College Foundation (NCF) in the Philippines, exposing more than 60,000 student records to the dark web.
The advertisement for the stolen data was posted on an underground hacking forum by a user operating under the alias “Chucky_BF,” a known figure in data breach marketplaces. According to the listing, the database dump measures 36.5 MB in size (CSV format) and contains highly sensitive information collected from student applications.
https://iili.io/Fpl8f4f.png
The post, titled “CRITICAL Data Leak: Naga College Foundation (NCF, Philippines) — 36.5MB of Student Applications Exposed!,” states that the breach originated from ncf.edu.ph, the institution’s official website. The leak date was listed as August 13, 2025.
https://iili.io/FpVWfsa.png
https://iili.io/FpVWKWg.png
The leaked records reportedly include the following:
1. Personal identifiers: names, birth dates, gender, nationality, Learner Reference Number (LRN), and civil status.
2. Contact details: phone numbers, email addresses, home addresses, and barangay IDs.
3. Financial and family information: household income, dependents, and birth order.
4. Academic records: General Weighted Average (GWA), exam results, previous schools, and course details.
5. Sensitive health data: Persons with Disabilities (PWD) status, hospitalization history, and emergency contacts.
In total, 60,771 records were reportedly compromised.
The hacker is allegedly offering the full dataset for USD $450, with promotional materials claiming to provide previews and dedicated channels for distribution. The underground forum post signals an active effort to attract buyers and monetize the stolen student records.
The exposure of student data from NCF poses severe risks to affected individuals, including identity theft, phishing scams, financial fraud, and social engineering attacks. The inclusion of health records and academic details further deepens the sensitivity of the breach, potentially leaving students vulnerable to both digital and physical threats.
As of press time, Naga College Foundation has not yet issued an official statement regarding the alleged breach. It remains unclear whether the institution is aware of the cyberattack or has initiated incident response protocols.
