Cyber Incident Victim: San Beda University
Date: Jun 2020
Location: Philippines
Summary
An unidentified hacker breached San Beda University's online student portal, compromising personal information and social media passwords belonging to thousands of students. The attacker publicly released the stolen data through Twitter, prompting the institution to notify its community about the unauthorized access and illegal dissemination. While unrelated reports initially suggested similar data leaks at another Philippine university, officials there clarified their systems remained secure. The incident exposed sensitive credentials and personally identifiable details of affected individuals from the targeted university.
Description
On or around June 4, 2020, an unidentified hacker breached the student portal of San Beda University (SBU), compromising personal data and social media passwords belonging to thousands of students. The attacker publicly released the stolen credentials on Twitter, though the exact scope of the exposed records was not quantified in available reports. SBU acknowledged the incident in a June 6 statement to its community, confirming unauthorized access to email addresses and passwords used for the student portal. The university attributed the breach to an "unknown entity" that illegally disseminated the data via social media. No technical details about the intrusion method or specific vulnerabilities exploited were disclosed by the institution. The incident exposed students to potential identity theft and account hijacking risks due to the compromise of authentication credentials.

Concurrently, reports emerged about suspicious "dummy" accounts impersonating students and alumni of University of the Philippines Cebu (UP Cebu), though this incident was not conclusively linked to the SBU breach. UP Cebu officials denied a breach of their primary Student Academic Information System (SAIS), clarifying that hackers had targeted an evaluation system instead. Chancellor Liza Corro asserted no sensitive personal information was leaked from UP Cebu's systems, despite social media activity affecting both affiliated and unaffiliated individuals. The timing of both incidents—with UP Cebu's dummy accounts appearing shortly after SBU's breach announcement—prompted media coverage suggesting potential connections, though no technical evidence or attribution confirmed a relationship between the two events. Neither institution disclosed remediation steps taken to secure their systems post-breach.
