FAR EASTERN UNIVERSITY

Student Portal
Personal Data Breach

Background

On June 3, 2020, we were alerted to the possibility that data under our control was compromised. However,
at that time, we were not able to confirm that a data breach occurred. To be safe, we engaged the services
of a third party to test our systems in FEU Manila, FEU Institute of Technology, and FEU Cavite.

On June 17, 2020, while a third party was conducting its testing, our Data Protection Officer received an e-
mail from one of our faculty members, showing a screenshot from a social media post of personal data from
forty four (44) students, password information included. We were then able to confirm the breach based on
the accuracy of the information exposed.

We sent a notice to the National Privacy Commission informing them of the data breach and got in touch
with the students whose data were confirmed as having been exposed in the social media post by the alleged
attacker.

We now understand that the Student Portal was attacked through what is known as an SQL injection attack
over several days in May 2020. This vulnerability was not made apparent to us in our prior assessments of
the Student Portal.

Data Involved

Based on the data fields presented in the e-mail, the attacker was able to gain access to more than one
database. We believe that the information that was compromised involve your:

1. Student ID
2. Student Name
3. Postal Address
4. FEU e-Mail Address
5. Student Portal Password
6. Birthday
7. Program
8. Contact Number

Addressing the Data Breach

Upon confirmation that the information was accurate, we forced a password reset for all accounts. We also
called the 44 students identified in the e-mail.

To protect your data, and upon confirmation of the breach, we immediately shut down the student portal in
the FEU website. We are now working on implementing measures to protect your information and your
password from SQL attacks.

Rest assured that when we restore the FEU Student Portal, we will have done our best to ensure that your
personal data is now safe.
Reducing Harm

As we communicated earlier, please change your password on all your online accounts, especially if these
passwords are the same as your old FEU password.

If you believe an attacker has compromised your account on another platform and you need help to recover
access to that account, you may contact us for help through our:

Data Protection Officer

Far Eastern University Manila
Nicanor Reyes Street, Sampaloc, Manila, Philippines 1015
dataprivacy@feu.edu.ph