What was discovered in the database associated with the Philippines' Department of Education?

A non-password-protected cloud storage database associated with the Philippines' Department of Education (DepEd) and the Private Education Assistance Committee (PEAC) Online Voucher Application (OVAP) program was found exposed online. It contained 210,020 records, totaling 153.76 GB, including highly sensitive Personally Identifiable Information (PII) such as tax filings, voucher applications, consent forms, financial documents, certificates, full names, dates of birth, addresses, phone numbers, employer details, tax identification numbers, and image files of children.

What steps were taken upon the discovery of the exposed database?

Upon discovery, the security researcher promptly notified the Philippines' Department of Education (DepEd) and the National Privacy Commission (NPC), which secured the database and initiated further investigations into the ownership, management of the database, the duration of exposure, and whether any unauthorized access occurred.

What kind of information did the exposed database contain?

The exposed database contained a wide range of highly sensitive Personally Identifiable Information (PII), including tax filings, voucher applications, consent forms, financial assistance documents, local government certifications, certificates of employment, death certificates, full names, dates of birth, addresses, phone numbers, employer details, tax identification numbers, and image files of children.

What remains unclear about the exposed database?

The ownership and management of the exposed database, the duration of its exposure, and whether it was accessed by unauthorized parties remain unclear. Investigations by the Department of Education and the National Privacy Commission are ongoing to address these concerns.

Incident

Phillipine Online Voucher Application leaks data of over 200,000 students

published: Feb. 20, 2024

Learn More

Jeremiah Fowler, a secuyrity researcher is reporting a non-password-protected cloud storage database was found exposed online containing 210,020 records, totaling 153.76 GB.

The database is associated with the Philippines' Department of Education (DepEd) and the Private Education Assistance Committee (PEAC) Online Voucher Application (OVAP) program. This program was established to facilitate the application process for financial aid for Senior High School education in private and non-public schools through the submission of electronic documents.

The database contained highly sensitive Personally Identifiable Information (PII), including:

tax filings,
voucher applications,
consent forms,
financial assistance documents,
local government certifications,
certificates of employment,
death certificates,
full names,
dates of birth,
addresses,
phone numbers,
employer details,
tax identification numbers,
image files of children.

Upon discovery, the researcher promptly notified DepEd and the National Privacy Commission (NPC) of the Philippines, which secured the database and initiated further investigations.

The ownership and management of the database, the duration of exposure, and whether any unauthorized access occurred remain unclear.

Phillipine Online Voucher Application leaks data of over 200,000 students

Read More
DoJ and DoD email addresses exposed in MOVEit …
Uttarakhand State Data Center hit by ransomware, disrupts …
Lanark County family services report data breach
City of St. Cloud, Florida hit by ransomware, …
Union County hit by ransomware attack compromising personal …