Dark Web News Analysis
A threat actor named ‘Seve’ has claimed responsibility for a significant data breach at the University of the Philippines Mindanao (UPMin), leaking the university’s core databases on a hacker forum. This claim, if true, represents a critical, active data breach of a state university, and it directly contradicts official university statements from earlier this year.
In August 2025, UPMin’s Computerized Student Records System (CSRS) was hacked, forcing the university to take systems offline during enrollment. At the time, the university’s preliminary findings “indicated no evidence of a data breach or leakage of sensitive information.”
This new leak from ‘Seve’ appears to be the stolen data from that exact incident. The attacker has now publicly leaked the “crown jewels” of the university’s IT systems, including:
- srs.sql & srslog.sql: The Student Records System database and its logs. This is a catastrophic PII leak, likely containing the personal, academic, and contact information for all students.
- mysql.sql: The MySQL database configuration file. This file would contain the hashed (and possibly plaintext) root credentials for the database, proving the attacker had deep, administrative access.
- dhone_omm.sql: The Online Manuscript Manager, a breach of intellectual property.
- upmiims.sql: The UP Mindanao Institutional Information Management System.
This is not an isolated incident. It is the latest in a catastrophic, multi-year cyber crisis in the Philippines, which has seen its national health service (PhilHealth, breached by Medusa in 2023), Congress, national statistics office (PSA), and numerous other government agencies all suffer massive, uncontained data breaches. This attack on the university system proves the threat is systemic and ongoing.
Key Cybersecurity Insights
This alleged data breach presents a critical and immediate threat:
- Exposure of Highly Sensitive Personal Data: The leak of srs.sql (Student Records System) directly exposes confidential student information, creating significant privacy risks and potential for identity theft or targeted phishing attacks against students and potentially faculty.
- Critical System Configuration and Credential Compromise: The presence of mysql.sql indicates a potential compromise of database configuration details and possibly credentials, which could lead to further exploitation of other connected systems or facilitate deeper access into the university’s IT infrastructure.
- Vulnerability in Core Educational/Operational Systems: Databases like the Online Manuscript Manager (dhone_omm.sql) and UP Mindanao IIMS (upmiims.sql) suggest that critical academic and institutional operational systems were breached, impacting the integrity and availability of university services.
- Attacker Observation of Post-Breach Measures: The attacker’s comment about the university taking measures after discovery implies that the initial breach went undetected or unmitigated for some time, highlighting potential gaps in proactive threat detection and incident response capabilities.
Mitigation Strategies
In response to this claim, the university and all public-sector entities must take immediate action:
- Immediate Credential Rotation and System Hardening: All database, system, and administrative credentials associated with the compromised systems (especially MySQL and student record systems) must be immediately invalidated and rotated. Conduct a thorough security audit and harden all exposed services and configurations.
- Comprehensive Data Breach Response and Notification: The university must conduct a forensic investigation to determine the full scope of the breach, identify all affected individuals, and comply with all relevant data privacy regulations (specifically, the Data Privacy Act of 2012) for mandatory data breach notification to students, faculty, and the National Privacy Commission (NPC).
- Enhanced Network Segmentation and Access Controls: Implement stringent network segmentation to isolate critical student and administrative data systems from less secure environments. Review and enforce the principle of least privilege for all user accounts and system access, ensuring only necessary access is granted.
- Proactive Vulnerability Management and Penetration Testing: Establish a continuous vulnerability management program that includes regular vulnerability scanning, penetration testing, and security assessments of all public-facing and internal systems to identify and remediate weaknesses before they can be exploited.
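The forensic scoping step above (determine what was exposed and how many individuals must be notified) can be started directly from the leaked dump files. The following Python script is an added example, not part of the original post and not Brinztech tooling: it walks a mysqldump-style file, enumerates tables, counts the rows carried by INSERT statements and flags columns whose names suggest personal data. The dump it runs on is a constructed sample; every table, column and value in it is invented and nothing in it comes from the real srs.sql.

```python
import re

# Constructed sample in mysqldump style, for illustration only. It is NOT the
# leaked srs.sql; every table, column and value below is invented.
SAMPLE_DUMP = r"""
-- MySQL dump (constructed sample)
/*!40101 SET NAMES utf8mb4 */;
DROP TABLE IF EXISTS `students`;
CREATE TABLE `students` (
  `student_id` int NOT NULL,
  `full_name` varchar(100) DEFAULT NULL,
  `email` varchar(100) DEFAULT NULL,
  `birthdate` date DEFAULT NULL,
  `mobile` varchar(20) DEFAULT NULL,
  PRIMARY KEY (`student_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
INSERT INTO `students` VALUES (1,'A. Example','a@example.edu','2003-01-02','0900-000-0001'),(2,'B. Example','b@example.edu','2002-05-06','0900-000-0002');
INSERT INTO `students` VALUES (3,'C. O\'Example; (jr)','c@example.edu','2001-07-08','0900-000-0003');
CREATE TABLE `courses` (
  `course_id` int NOT NULL,
  `title` varchar(200) DEFAULT NULL
);
INSERT INTO `courses` (`course_id`, `title`) VALUES (10,'Security (intro, part 1)'),(11,'Databases');
"""

# Column-name fragments that usually indicate personal data (assumed list; extend per schema).
PII_HINTS = ("name", "email", "birth", "phone", "mobile", "address", "passport", "guardian")

CREATE_RE = re.compile(
    r"^CREATE\s+TABLE\s+(?:IF\s+NOT\s+EXISTS\s+)?`?(\w+)`?\s*\((.*)\)[^()]*$", re.S | re.I)
INSERT_RE = re.compile(
    r"^INSERT\s+INTO\s+`?(\w+)`?\s*(?:\([^)]*\)\s*)?VALUES\s*(.*)$", re.S | re.I)


def strip_comments(sql: str) -> str:
    """Drop '--' and '/*' comment lines so quotes inside them cannot confuse the scanner."""
    return "\n".join(l for l in sql.splitlines() if not l.lstrip().startswith(("--", "/*")))


def split_top_level(text: str, sep: str) -> list:
    """Split on `sep` only when outside quoted strings and outside parentheses.

    Backslash escapes inside strings are honoured, so a value such as 'O\'Example; (jr)'
    neither ends a statement nor counts as a tuple."""
    parts, buf, depth, quote, escaped = [], [], 0, None, False
    for ch in text:
        if quote:
            buf.append(ch)
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == quote:
                quote = None
            continue
        if ch in ("'", '"'):
            quote = ch
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == sep and depth == 0:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return parts


def column_names(body: str) -> list:
    """Column identifiers from a CREATE TABLE body; KEY/CONSTRAINT lines have no leading backtick and are skipped."""
    names = []
    for part in split_top_level(body, ","):
        m = re.match(r"`(\w+)`", part.strip())
        if m:
            names.append(m.group(1))
    return names


def triage_dump(sql: str) -> dict:
    """Map table name -> {'columns', 'pii_columns', 'rows'} for a dump text."""
    report = {}

    def entry(table):
        return report.setdefault(table, {"columns": [], "pii_columns": [], "rows": 0})

    for stmt in split_top_level(strip_comments(sql), ";"):
        stmt = stmt.strip()
        m = CREATE_RE.match(stmt)
        if m:
            e = entry(m.group(1))
            e["columns"] = column_names(m.group(2))
            e["pii_columns"] = [c for c in e["columns"] if any(h in c.lower() for h in PII_HINTS)]
            continue
        m = INSERT_RE.match(stmt)
        if m:
            # Each top-level parenthesised group in VALUES is one inserted row.
            tuples = split_top_level(m.group(2), ",")
            entry(m.group(1))["rows"] += sum(1 for t in tuples if t.strip().startswith("("))
    return report


def affected_records(report: dict) -> int:
    """Rows held in tables that carry at least one PII-looking column: a first estimate of data subjects to notify."""
    return sum(e["rows"] for e in report.values() if e["pii_columns"])


if __name__ == "__main__":
    rep = triage_dump(SAMPLE_DUMP)
    for table, e in rep.items():
        print(f"{table}: {e['rows']} rows, PII columns: {e['pii_columns'] or 'none'}")
    print("records needing notification review:", affected_records(rep))
```

Run against a real dump with `triage_dump(open(path).read())`; the row count per PII-bearing table is the starting figure for the Data Privacy Act notification scope, and the column list tells the responder which data categories (contact details, birthdates, identifiers) were exposed. Name-based PII detection is a heuristic, so the flagged columns should be confirmed against the schema owner's data inventory before notification letters are drafted.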
Secure Your Business with Brinztech — Global Cybersecurity Solutions
Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com