Threat Actor: Unknown | unknown
Victim: Center for Educational Measurement, Inc. | Center for Educational Measurement, Inc.
Price: Not disclosed
Exfiltrated Data Type: Personal, educational, and medical information
Key Points :
- Over 271,570 unique email addresses and passwords were leaked.
- Compromised data includes personal details such as full names, passport numbers, and dates of birth.
- Education-related information such as college details, test scores, and application statuses were exposed.
- Sensitive medical information, including assistance requirements and DSWD card details, was also part of the breach.
- The breach poses risks of identity theft, phishing attacks, and exploitation of personal data.
- No official statement from CEM regarding the breach or mitigation steps has been released yet.
- Affected individuals are advised to change passwords and monitor accounts for unusual activity.
A massive data breach has been reported involving the Center for Educational Measurement, Inc. (CEM) based in the Philippines.
The breach, revealed on October 16, 2024, has exposed highly sensitive data, including more than 271,570 unique email addresses, passwords, and personal information.
The leaked data contains a wide array of sensitive details. From the SQL database schema, the compromised information includes basic personal details such as full names, email addresses, passport numbers, dates of birth, gender, nationality, and religion. Additionally, contact information was exposed, including mailing addresses (up to four lines), home addresses, mailing and home provinces, zip codes, and countries, along with landline and mobile phone numbers.
Education-related data was also part of the breach, with college details such as country, province, city, type of institution (public/private), course, and graduation year included. Test and application data were compromised as well, featuring applicant IDs, application and test dates, test center information, test scores, application status, and choices of educational institutions or centers. The exposure of such information can have significant consequences for those engaged in academic testing and applications.
Furthermore, the breach revealed sensitive medical information. This includes whether medical assistance was required, medical descriptions, and Department of Social Welfare and Development (DSWD) card information for applicants who needed social assistance. The leak also included details about special assistance, specifying the type and description of the required assistance.
Other details involved in the breach include fields like method (which could refer to application or payment methods), branch information, and system-specific fields such as “syno” and “share,” which may relate to data-sharing permissions or internal system operations.
The breach impacts individuals who have interacted with the Center for Educational Measurement, Inc., primarily students and staff who submitted sensitive personal information for testing and applications. Given the breadth of data compromised, the risks include identity theft, phishing attacks, and the exploitation of personal, educational, and medical details. The exposure of test scores and application statuses, in particular, could have far-reaching consequences for the affected individuals.
As of now, CEM has not released an official statement regarding the breach or outlined the steps being taken to mitigate the damage. Affected individuals are urged to change their passwords immediately and monitor their accounts for unusual activity. Additionally, they should remain cautious of potential phishing attempts or other suspicious communications.