Brinztech Alert: 155k Student Records from the University of San Carlos Leaked

Dark Web News Analysis: University of San Carlos Student Academic Records Leaked

A significant data breach impacting the University of San Carlos, a prominent educational institution in the Philippines, has been discovered. The leak involves two large sets of student data, including their complete, permanent academic records. The breach, totaling 1.42GB, exposes a massive amount of highly sensitive student information and represents a critical privacy failure. The compromised data is separated into two categories:

• Partial Student Records (155,300): This set includes names, places of birth, addresses, LRN (Learner Reference Number), and dates of birth.
• Complete Academic Records (11,877): This set includes full “Form 137” files. In the Philippines, a Form 137 is a student’s permanent and official academic transcript, containing a comprehensive history of their grades and personal details.

Key Cybersecurity Insights

The exposure of official, permanent academic records like the Form 137 is a catastrophic event for the students involved, with risks that can last a lifetime.

• Leak of “Form 137” Academic Records Creates a Lifelong Identity Risk: The Form 137 is a student’s official academic history in the Philippines. Its exposure is a severe breach of privacy. This document contains a lifetime of personal and academic data that criminals can use for highly sophisticated identity theft, to create fraudulent academic credentials for employment, or for blackmail and extortion for years to come.
• Massive PII Leak Enables Widespread Scams: The separate leak of over 155,000 partial records containing names, addresses, and birth dates provides a massive target list for criminals. This data will be used to launch large-scale phishing and fraud campaigns against a huge portion of the university’s current and past student body.
• A Devastating Breach of Trust for a Major University: An educational institution has a fundamental duty to protect its students’ most sensitive data. A failure of this magnitude is a severe breach of trust that will damage the University of San Carlos’s reputation. It is also a major violation of the Philippines’ Data Privacy Act, which will likely trigger a government investigation and significant penalties.

Critical Mitigation Strategies

The University of San Carlos must launch an urgent and transparent incident response, and all current and former students must be on high alert for identity theft.

• For the University of San Carlos: Immediately Activate Incident Response: The university must immediately activate its incident response plan to investigate the source of the leak, determine the full scope of exposed student data, and take decisive action to contain the breach and secure its systems.
• For the University: Secure All Accounts and Notify the Community: A mandatory password reset for all current student, faculty, and staff online accounts is a critical first step. The university must also provide clear, transparent, and timely notification to all affected individuals, in full compliance with the Philippines’ Data Privacy Act.
• For Affected Students and Alumni: Be on Maximum Alert for Identity Theft: All current and former students of the university must assume their data is compromised. They need to be extremely vigilant for signs of identity theft, closely monitor their financial accounts, and be highly suspicious of any unsolicited communications that use their personal or academic information to appear legitimate.

Secure Your Organization with Brinztech As a cybersecurity provider, we can protect your business from the threats discussed here. Contact us to learn more about our services.

Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. For general inquiries or to report this post, please email us: contact@brinztech.com