SchoolBreach.org
BreachesTrendsToolsLearnAbout
Free Security Check
Security Check
SchoolBreach.org

A public resource tracking data breaches in Philippine schools. Helping administrators protect student data through awareness, education, and free security tools.

© 2026 SchoolBreach.org · A community service by OceanEd

Navigate

  • Breaches
  • Trends
  • Tools
  • Learn
  • Methodology

Company

  • About
  • Privacy Policy
  • Terms of Service
  • Contact Us

Disclaimer: This tracker is maintained for educational and awareness purposes. Incidents are documented using threat intelligence monitoring, Philippine media reports, NPC filings, and responsible disclosures. Social media platforms are monitored for leads and are corroborated before publication or naming — never through active scanning or exploitation. Severity ratings and summaries are prepared with AI assistance and reviewed editorially. Full methodology →

Back to Breach Tracker
Website Defacement
MediumResolved

Camarines Sur Polytechnic Colleges (CSPC)

Camarines Sur Polytechnic Colleges' official website was hacked and visitors were redirected to pornographic sites. No sensitive data was compromised, but the incident exposed weak firewall protections and prompted a 10-year digital infrastructure improvement plan.

June 15, 2020Nabua, Camarines Sur, Bicol RegionNone (website only) records affected

Key Facts

Date of Incident
June 15, 2020
Date Discovered
June 15, 2020
Records Affected
None (website only)
Source
The Varsitarian
Data Types Exposed
Website content
Response / Action Taken

CSPC developed a 10-year digital infrastructure improvement plan, upgraded to hybrid on-premise and cloud-based systems with offsite backups.

What Happened

Administrators of Camarines Sur Polytechnic Colleges (CSPC) in Nabua, Camarines Sur got "bothered" when the college's official website could not be accessed, only to find out that visitors were being redirected to pornographic sites.

As CSPC's ICT Management Director Rey Cortez told The Varsitarian:

"The firewall is not so strong to filter kaya napasok kami."

The school, which serves approximately 4,000 students, never identified the perpetrators. The attack targeted only the website's index, redirecting users to malicious sites — no sensitive stakeholder data was compromised.

Impact

While no data was stolen, the incident was significant because:

  • The school's official web presence was hijacked to serve inappropriate content
  • It demonstrated that even basic perimeter defenses (firewalls) were inadequate
  • It was part of the broader wave of nearly 30 HEI websites attacked in June 2020

How CSPC Responded

The breach became a wake-up call. CSPC developed a 10-year development plan to improve its digital infrastructure, investing in new software and equipment. Cortez described the upgrades:

"Sa ngayon, maybe kasi habang tinataasan kasi natin 'yong security, siyempre 'yong attacks din natin is mas malakas din. 'Yong ginawa namin is mayroon na kaming tinatawag na on-premise, saka nakacloud-base or mayroon pa rin kaming backup sa ibang lugar to protect cybersecurity."

The school now maintains both on-premise and cloud-based infrastructure with offsite backups — a significant improvement from its pre-breach posture.

Lessons for Schools

  1. 1.Firewalls alone are not enough — layered security (WAF, IDS, regular patching) is essential
  2. 2.Website attacks affect trust — even without data theft, redirecting to malicious sites damages a school's reputation
  3. 3.Use breaches as catalysts — CSPC's 10-year plan shows how a security incident can drive long-term improvement
  4. 4.Invest in both on-premise and cloud — hybrid infrastructure with offsite backups provides resilience

Sources & References

All sources are independently verified. Access dates and archive links are recorded for each citation.

  1. [1]
    The Varsitarian — Hacked here, hacked there: Investments needed to repel cyberattacks — CSPC ICT director interview (September 1, 2024)
CSPCCamarines SurBicolwebsite redirectpornographic redirectfirewallCOVID-19 online learning

Related Incidents

High

DepEd Schools Division of Masbate

August 1, 2025

High

Rizal Technological University (RTU)

June 29, 2020

High

Our Lady of Fatima University (OLFU)

June 25, 2020

Know of a Breach?

Help us keep this tracker accurate and complete. Report school data breaches confidentially.

Report a Breach

Is This Entry Inaccurate?

If you represent the named institution or have evidence that corrects or updates this entry, you can request a correction or submit an official statement for publication.

We review all correction requests and respond within 5 business days. Verified corrections are applied promptly. Institutions may also submit a statement that will appear on this page as a right of reply.

Request a Correction

Protect Your School

Use our free tools and guides to assess your school's security posture.

Free Security ToolsGuides & Resources