Over 200,000 student and parent data exposed in PH educ platform

Over 200,000 student and parent data exposed in PH education platform

/ 09:47 AM February 23, 2024
Over 200,000 student and parent data exposed in PH education platform
Cybersecurity researcher Jeremiah Fowler says a total of 210,020 student and parent data amounting to 153.76 GB were left unprotected in the Online Voucher Application (OVAP), which was developed by the Philippines’ Department of Education as a means for eligible students to seek financial assistance. Free stock photo from Pexels

MANILA, Philippines — A total of 210,020 student and parent records amounting to 153.76 GB were left unprotected in the Online Voucher Application (OVAP). 

Cybersecurity researcher Jeremiah Fowler said the platform had no password protection, letting anyone with an internet connection access them.

Fowler said the database contained Personal Identifiable Information or PII, including the following: 

Article continues after this advertisement

Applicant’s Personal Data:

FEATURED STORIES
  • Full name
  • Learner Reference Number (LRN)
  • Date of birth
  • Gender
  • City/Municipality and Province of birth
  • Citizenship/Nationality
  • Home address and contact information (mobile phone, landline number, email address)
  • Junior High School enrolled in (including address and school fees)
  • If applicable, whether the applicant has received financial assistance from the school

Applicant’s Family Data:

  • Father/Mother/Guardian’s name
  • Source/s of income
  • Gross monthly income
  • Proof of financial capacity
  • Sibling/s name and age
  • Properties owned (vehicle, real estate, house)
  • If the child is sponsored by someone other than a parent or guardian: supporting documents indicating source/s of income, gross monthly income of the person helping send the child to school, proof of financial capacity

READ: DepEd: No hacking in regional offices despite alleged data leak

Article continues after this advertisement

The co-founder of Security Discovery discovered and reported the leak to the vpnMentor company on February 20, 2024.

Article continues after this advertisement

Fowler sent a responsible disclosure notice to the DepEd and the National Privacy Commission (NPC) of the Philippines. In response, the latter allegedly said it had secured the database and was investigating the incident further.

Article continues after this advertisement

However, Fowler said it was unclear how long the records were exposed or if anyone else gained access to the database. 

READ: How to share your Wi-fi password

Article continues after this advertisement

The Department of Education developed the OVAP as a means for eligible students to seek financial assistance. They could apply for vouchers to cover Senior High School education costs in private and participating non-public schools. 

The online platform helps students and parents submit applications and required documents electronically. However, Fowler said only an internal forensic audit would be able to identify unauthorized access or potential malicious activity. 

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

Read more about this report here.

TOPICS: Cybersecurity, data breach, DepEd
TAGS: Cybersecurity, data breach, DepEd

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.