DepEd Laguna Data Breach: 7 Million Records Leaked by Threat Actors
A cybersecurity incident has hit the Department of Education (DepEd) Division of Laguna, with more than 7 million database records allegedly compromised and posted online by a group calling itself Quantum Security Group.
The threat group announced the breach through a post on a dark web forum on October 4, 2025, claiming responsibility for infiltrating DepEd Laguna’s servers and exfiltrating multiple databases. The post, which featured DepEd Laguna’s official seal, contained a provocative message reading:
> “Corruption in the government is the real security breach.”
According to the group’s disclosure, several database archives were taken, including files named db_stars.tar.gz, dcp.tar.gz, deped_tar.gz, emailsy1.tar.gz, office_letter.tar.gz, phpmyadmin.tar.gz, and trackit2025.tar.gz. These contain various records from the division’s internal systems.
Based on Deep Web Konek’s initial review of the data samples, the breach exposed highly sensitive information belonging to DepEd Laguna’s employees and system users. The compromised data includes user identification numbers (user_id), school IDs, and email addresses, which can be used to identify specific personnel and their respective institutions. Also included are assigned roles or job positions, as well as the names of schools and district affiliations — potentially mapping out the internal organizational structure of DepEd Laguna.
In addition, the dataset features contact information such as phone numbers and email details, full names (first, middle, and last names), and school-based positions. Most concerningly, the files also contain usernames and plaintext passwords, which, if reused on other accounts, could lead to credential-based attacks. The leak further appears to include client images, suggesting that profile pictures or identification photos of personnel were also stored in the breached systems.
Quantum Security Group, in its statement, emphasized that the breach was meant to serve as a “lesson” to the government, claiming the incident was a result of negligence and corruption. The group wrote:
> “We accumulated 7 million records. There are also records that have PI/SPI of your employees. That’s kinda bad. I hope this will teach you a lesson.”
As of this writing, DepEd Laguna has not yet released an official statement regarding the reported data breach, nor has it confirmed the scope or legitimacy of the exposed data.