Dark Web News Analysis
A threat actor on a known cybercrime forum is claiming to sell two separate sets of data that they allege were stolen from public institutions in the Philippines: the Marikina Polytechnic College (MPC) and the Department of Budget and Management (DBM). According to the seller’s post, the MPC data is from the college’s Learning Management System (LMS) and includes student PII such as full names, birth dates, and emails. In a more alarming claim, the actor is also offering data related to the DBM, which purportedly includes information on organizations, departments, and “National Wealth Records.” The actor is also selling a tool to silently extract additional data from DBM systems.
This multi-faceted claim, if true, represents a significant security incident targeting both the educational and governmental sectors in the Philippines. The leak of student data creates an immediate risk of identity theft and fraud for a vulnerable population. Simultaneously, any compromise of the Department of Budget and Management is a matter of national concern, and the sale of a custom tool to exfiltrate more data suggests a persistent and sophisticated threat.
Key Cybersecurity Insights
This alleged data sale presents a critical, dual-pronged threat:
- Targeting of Student and Government Data: The actor is targeting two distinct but critical public sector entities. The alleged leak of student PII from Marikina Polytechnic College’s LMS creates a high risk of identity theft and targeted phishing for students and staff. At the same time, the DBM data, while downplayed by the seller, is a serious concern due to its potential connection to national financial records.
- Sale of a Targeted Attack Tool: The offer to sell a tool to “silently extract full names from DBM” is a major red flag. It indicates the attacker is not just selling a static database but also the means to conduct further, ongoing attacks against the government department. This signifies a more advanced and persistent threat.
- High Risk of Phishing and Social Engineering: The combination of student data from a college and organizational data from a government department provides a rich resource for criminals to launch highly contextual and convincing phishing campaigns against a wide range of individuals in the Philippines.
Mitigation Strategies
In response to these claims, both institutions must take immediate and decisive action:
- Launch a Coordinated Investigation: The Philippine government, through its cybersecurity agencies (CERT-PH), the Commission on Higher Education, and the DBM, must immediately launch a coordinated investigation to verify these two separate but potentially related claims.
- Secure the LMS and Mandate Credential Resets (for MPC): Marikina Polytechnic College must assume its LMS is compromised. This requires an immediate password reset for all students and staff, a full security audit of the LMS platform to find and patch the vulnerability, and the enforcement of Multi-Factor Authentication (MFA).
- Harden DBM Systems and Hunt for Intrusions (for DBM): The Department of Budget and Management must conduct a comprehensive compromise assessment and proactive threat hunt across its networks. The goal is to find any signs of the attacker’s presence or the alleged “extraction tool” and to strengthen all security controls to prevent data exfiltration.
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com