Attackers hacked UNIFAST database compromising personal data of over 1 million TES applicants

• On March 16, 2019, hackers gained unauthorized access to UNIFAST database, deleted the contents, and dropped ransomware on the database.
• The incident has impacted almost 1,130,899 Tertiary Education Subsidy (TES) applicants whose private data has been compromised in the hack.

Senator Sherwin Gatchalian, chairman of the Senate Economic Affairs Committee, revealed that the database of the Unified Student Financial Assistance System for Tertiary Education (UNIFAST) has been hacked.

What is the impact?

The incident has impacted almost 1,130,899 Tertiary Education Subsidy (TES) applicants whose private data has been compromised in the hack.

What data was exposed?

The database contained TES applicants’ personal information such as student identification numbers, names, dates of birth, parents’ names, and addresses.

What happened?

On March 16, 2019, hackers gained unauthorized access to UNIFAST database, deleted its contents, and dropped ransomware on the database. The ransom note threatens to publish victims’ private unless a ransom is paid.

Upon learning the incident, Gatchalian urged government agencies to immediately report the data breach to the National Privacy Commission (NPC). However, the Secretariat of UNIFAST reported the incident to the NPC only in mid-April.

It is to be noted that few weeks before the data breach, Gatchalian has advised the UNIFAST Secretariat to be more vigilant in securing and storing personal data of students as he observed a string of hacks on government websites.

“The UNIFAST breach itself is alarming enough. But when you take into consideration the April 1 hack that leaked the Scout Ranger database of the Philippine Army (PA), unscrupulous persons could cross-reference both databases to determine where our soldiers live,” Gatchalian said.