University of the Philippines Mindanao Data Breach Exposes Thousands of Student and Faculty Records
The University of the Philippines Mindanao (UP Mindanao) has experienced a data breach, serving as confirmation of an earlier incident first reported earlier this month. Thousands of student and faculty records were published online by a threat actor, establishing that the university’s systems had indeed been compromised.
The leaked dataset is a 1.3 MB CSV file containing roughly 19,000 lines of information. Based on initial reviews, the files include:
• Faculty Data: Date of birth, employee ID, full names, marital status, gender, and email addresses.
• Student Enrollment Data: Student numbers, full names, degree programs, and enrollment timelines.
• Student Data: Registration status, gender, college, department, degree program, year level, curriculum, registration advisers, and university email addresses.
• Additional Student Records: Simplified listings of student numbers, names, programs, year level, and status.
https://iili.io/KHOX5WQ.png
Screenshots released by the threat actor show sample data containing student numbers, names, registration status, degree programs, year levels, advisers, and institutional email addresses, confirming the authenticity of the breach.
https://iili.io/KHOrI6u.png
https://iili.io/KHOru3b.png
The attacker, using the aliases “D4rkM4tt3r” or “JakeTheDog”, claimed affiliation with DeathNote Hackers (DNH), one of the more active hacking groups in the Philippines. The group has previously targeted local institutions and is known for publishing stolen data to expose security flaws.
The Deep Web Konek Cybersecurity Monitoring Division was also notified of a defacement incident involving UP Mindanao this month. Earlier today, the team received a new notification confirming that data dumps linked to the university were circulating online, escalating the case from defacement to a verified data breach.
On August 12, UP Mindanao released an advisory stating that no breach had occurred following the initial defacement report. However, the release of actual records confirms that the university’s systems were compromised despite those assurances.
UP Mindanao is now the third Philippine university to be breached within this week following the breach on Naga College Foundation Inc. and University of San Carlos, raising concerns over the state of cybersecurity across the country’s higher education sector.
