De La Salle University (DLSU) in Manila announced that it experienced a cybersecurity incident that affected its on-premise-hosted applications. According to a statement on its official Facebook page posted, the incident occurred on Monday, October 9, 2023. It did not compromise student records and cloud-hosted applications, according to the university.
DLSU said it has also engaged global cybersecurity company Mandiant to assist in the investigation and recovery of its systems. It has also taken a number of steps as a preventive measure, such as advising its community members to change their passwords and enabling multi-factor authentication, taking network systems offline, and restricting the use of DLSU-issued computers and laptops.
As a result of the cyberattack, DLSU shifted some of its classes to online until further notice. According to The LaSallian, computer laboratories and lecture classes at the Manila campus will shift to online classes from October 11 to 14. Meanwhile, in-person exams, science and engineering laboratory classes that do not use computers, and PE classes will continue with face-to-face classes.
The university also apologized for the inconvenience caused by the incident and assured its stakeholders that it is doing its best to restore normal operations as soon as possible.
DLSU is not the first academic institution in the Philippines to suffer a data security breach. In 2020, the Polytechnic University of the Philippines (PUP) confirmed that hackers leaked personal data of students and alumni online.
Cybersecurity experts have warned that educational institutions are vulnerable targets for cybercriminals because they often store sensitive data and have limited resources to protect their networks. Schools are advised to implement security measures such as encryption, backup, firewall, antivirus, and user education to prevent or mitigate cyberattacks.