University of San Carlos Data Breach Exposes Over 155,000 Student Records
EDITED: August 22, 2025 (7:00am)
A threat actor under the alias “singular” has posted a data dump allegedly stolen from the University of San Carlos (USC) in Cebu City, Philippines, exposing a vast collection of sensitive student information.
https://iili.io/K9o76MP.png
The listing, published on a cybercrime forum, claims to contain 155,300 Form 137-A student records drawn from USC’s official student management system (ismis.usc.edu.ph). The attacker detailed that the files include highly identifiable information such as:
• Full Names
• Places of Birth (PoB)
• Residential Addresses
• Learner Reference Numbers (LRN)
• Dates of Birth (DoB)
https://iili.io/K9oIt9V.png
Beyond this main archive, a smaller but more detailed dataset of nearly 12,000 records was also leaked. This second batch was described as “complete” and contains additional sensitive academic data such as:
• Educational Track and Strand
• School Affiliations
• Student Grades
The combined size of these archives exceeds 14 gigabytes, underscoring the scale of the breach. This incident matters because Form 137-A is not just a regular school documents, it is a comprehensive academic record that tracks a student’s progress from basic education through senior high school. It is often required for transfers, college applications, and even certain employment screenings. With details such as names, addresses, and LRNs exposed, students could face long-term risks including identity theft, impersonation, fraudulent enrollment, and unauthorized access to other institutional services.
The availability of grades, academic strands, and school histories also opens the door to profiling, targeted scams, and potential discrimination should the information circulate more broadly in underground markets or leak into the open web. Unlike simple email leaks, the breach of Form 137-A documents gives a deep, historical profile of each affected student.
As of this writing, the University of San Carlos has not issued any official statement regarding the alleged breach or its potential impact on current and former students.
UPDATE:
UNIVERSITY UPDATE: In light of Facebook page Deep Web Konek's report of a data breach on allegedly 155,000 student records by user "singular" today, August 21, Vice President for Administration Atty. Joan Largo forwarded an email by USC's IRMO team that was claimed to have been issued to Carolinians last August 6, 2025 on the matter.
According to the IRMO Team's letter, they stated that the data breach by user singular8ty@proton.me is a "phishing-based extortion or a ransomware scam" after careful evaluation. Particularly, it's a deceptive message designed to create a false sense of urgency and tricking people into taking harmful actions.
The IRMO Team advises the student body to not engage with any link or email attached to the threat actor, to delete said email, and change Gmail passwords along with other passwords related to system applications.
Today's Carolinian (TC) is reaching out to other important people for further information as of this report. This is a developing story.
