What Happened
The University of the Philippines Mindanao (UP Mindanao) experienced a data breach in August 2025 involving its Computerized Student Records System (CSRS). On August 11, 2025, an unauthorized message was detected on the platform, prompting the IT Office to take the system offline within minutes. A threat actor using the aliases “D4rkM4tt3r” or “JakeTheDog,” claiming affiliation with DeathNote Hackers (DNH), leaked approximately 19,000 records in a 1.3 MB CSV file containing sensitive information including student numbers, names, degree programs, enrollment timelines, registration status, gender, college, department, year level, and university email addresses, as well as faculty data with dates of birth, employee IDs, marital status, and email addresses. The university initially denied a breach on August 12, but the subsequent release of actual records confirmed the compromise of its systems. UP Mindanao was the third Philippine university breached within that week, raising concerns about cybersecurity in the country’s higher education sector.
