Davao City, Philippines — September 4, 2025
The University of Southeastern Philippines (USeP) confirmed on Thursday that its Student Records Information System (SRIS) suffered a data breach, following claims posted on Facebook by a page linked to the “Deep Web Konek” community.
The post alleged that a threat actor known as “MaxxX” had compromised the university’s database and obtained approximately 175,000 records, including student ID numbers, names, email addresses, enrollment statuses, and request-monitoring logs.
In a statement, USeP’s Systems and Data Management Division (SDMD) confirmed “an unauthorized disclosure of data” involving the SRIS. The university clarified that while the system manages and tracks requests for student credentials, it does not contain the actual credentials themselves. Instead, the compromised data pertains to the processing of requests from students and alumni.
“Immediately upon discovery of the breach, operations of the affected system were suspended,” USeP said, stressing that the institution is treating the incident with the “utmost seriousness.” The university has since migrated to a more secure server and removed malicious codes linked to the attack.
Strengthened Cybersecurity Measures
USeP outlined a series of countermeasures to prevent future breaches, including:
- Regular vulnerability assessments and penetration testing.
- Adoption of a more secure web development framework.
- Enhanced Web Application Firewall (WAF) and intrusion detection.
- Strengthened patching, monitoring, and audit logs.
- Improved authentication and access control systems.
- Strict enforcement of institutional policies on data breach response and management.
Students and Alumni Urged to Take Precautions
The university strongly advised all affected data subjects—both students and alumni—to remain vigilant by monitoring their personal and official accounts for unusual activity. USeP urged its community to watch out for phishing attempts, adopt stronger passwords, update security questions, and enable multi-factor authentication, particularly if the same credentials are used across different platforms.
The University’s Office of Legal Affairs–University Data Protection Office (OLA-UDPO) is handling inquiries and reports related to the breach and can be reached via (082) 227-8192 local 261 or email at udpo@usep.edu.ph.
USeP assured the public that all necessary actions are being carried out in compliance with the Data Privacy Act of 2012, issuances of the National Privacy Commission, and its internal Data Privacy Manual.
“The University expresses its utmost concern regarding this incident and affirms that all appropriate and necessary measures are being undertaken… to mitigate its impact and prevent its recurrence,” the statement concluded.