FOLLOWING a recent data breach, the University of Southeastern Philippines (Usep) announced that it has migrated to a more secure server, removed malicious redirection codes, and begun implementing broader measures to prevent similar incidents from happening again.
The university confirmed that unauthorized access occurred in its Student Records Information System (SRIS) after reports circulated online that a hacker was allegedly selling its database.
Last week, cybersecurity monitoring group Deep Web Konek flagged a Facebook post by a user going by the alias “MaxxX,” who advertised what was described as a dataset containing more than 175,000 lines of information from USeP.
The alleged leak included student ID numbers, names, email addresses, enrollment status, and academic monitoring records.
In an advisory, USeP explained that the SRIS is designed only as a platform for tracking and processing requests for student and alumni credentials, and does not actually store the credentials themselves. The breach, the university said, was limited to the website that manages such requests.
The institution emphasized that once the breach was discovered, operations of the affected system were immediately suspended to contain the risk.
USeP has since rolled out a series of improvements to strengthen its defenses. These include the conduct of vulnerability assessments, transition to a more secure web development framework, enhancement of firewalls and intrusion detection systems, stricter user authentication protocols, and reinforced system monitoring and patching.
University officials also advised students, alumni, and other stakeholders to take proactive steps to protect their accounts by updating passwords, reviewing security questions, enabling multifactor authentication, and monitoring both personal and institutional accounts for suspicious activity.
USeP assured the public that its response is aligned with the provisions of the Data Privacy Act of 2012, the issuances of the National Privacy Commission (NPC), and its internal Data Privacy Manual.
The incident adds to a growing list of recent cyberattacks and data exposure claims involving Philippine institutions, among them the Department of Health, Saint Pedro Poveda College, and the Embassy of India in Manila.
Experts warn that such cases underscore the urgent need for stronger digital resilience across the country’s public and private sectors.
Cybersecurity experts said these breaches underscore the urgent need for stronger digital resilience, especially as schools, government agencies, and private companies increasingly depend on online systems to store and process sensitive information.
Cybersecurity, they explained, is not just about installing anti-virus software or firewalls; it involves a continuous process of identifying threats, strengthening defenses, and ensuring that people are aware of the risks.
For students and alumni, this means that something as simple as reusing old passwords or clicking on suspicious links could open doors for hackers. For institutions, it means investing in secure infrastructure, training personnel, and staying updated against ever-evolving cyber threats.
In the digital age, cybersecurity has become as essential as physical security. Just as universities put locks and guards on their campuses to protect their communities, experts stress that investing in strong digital safeguards is equally vital to protect students, their records, and their future. DEF