Nearly 1M DepEd Records Allegedly Exposed in Training Platform Breach, Claimed by NullSec Philippines
A dataset allegedly originating from the training platform of the Department of Education (DepEd) is currently circulating online after being claimed and released by NullSec Philippines, with further amplification by Deathnote Hackers International. The actors pointed to training.deped.gov.ph as the source of the data, sharing download links and preview screenshots across social media to support their claims.
The exposed file is described as a CSV dataset containing approximately 999,995 records, with fields that include full names, email addresses, user IDs, location data (city and country), account status, and profile links. The scale and structure suggest that the data may have originated from a training or learning management system used within DepEd. The accompanying posts framed the breach as part of a hacktivist effort, citing issues such as poor school conditions and unresolved bullying cases, blending advocacy with data exposure.
The DWK Team conducted an initial validation of the circulated dataset and supporting images. Findings show that the dataset’s record count aligns closely with the claimed volume, while the internal breakdown indicates around 874,770 entries without email values and approximately 125,224 with valid email addresses, totaling nearly one million users. The format and schema are consistent with structured institutional databases, and sample entries display realistic naming patterns. Based on these indicators, DWK assesses the dataset as likely authentic with strong internal consistency, although full forensic confirmation of system origin remains ongoing.
The operation has been attributed to NullSec Philippines, with Deathnote Hackers International acting primarily as an amplifier to widen reach and visibility. This incident reflects a continuing trend of narrative-driven hacktivism, where threat actors combine data leaks with social or political messaging. While the concerns raised in their statements may resonate with certain audiences, the exposure of personal data introduces risks that extend far beyond the intended message.
DWK advises individuals to remain cautious of unsolicited communications, especially those referencing educational platforms or requesting sensitive information. Institutions are urged to conduct immediate security reviews, strengthen access controls, and ensure compliance with data protection regulations, including timely disclosure if a breach is confirmed.
The Deep Web Konek Team will continue monitoring developments related to this incident. As of now, the breach is considered credible and high-impact, involving a large dataset allegedly linked to DepEd’s training platform.
