Back to Breach Tracker
Website Defacement
MediumResolved

Camarines Sur Polytechnic Colleges (CSPC)

Camarines Sur Polytechnic Colleges' official website was hacked and visitors were redirected to pornographic sites. No sensitive data was compromised, but the incident exposed weak firewall protections and prompted a 10-year digital infrastructure improvement plan.

June 15, 2020Nabua, Camarines Sur, BicolNone (website only) records affected

Key Facts

Date of Incident
June 15, 2020
Date Discovered
June 15, 2020
Records Affected
None (website only)
Source
The Varsitarian
Data Types Exposed
Website content
Response / Action Taken

CSPC developed a 10-year digital infrastructure improvement plan, upgraded to hybrid on-premise and cloud-based systems with offsite backups.

What Happened

Administrators of Camarines Sur Polytechnic Colleges (CSPC) in Nabua, Camarines Sur got "bothered" when the college's official website could not be accessed, only to find out that visitors were being redirected to pornographic sites.

As CSPC's ICT Management Director Rey Cortez told The Varsitarian:

> "The firewall is not so strong to filter kaya napasok kami."

The school, which serves approximately 4,000 students, never identified the perpetrators. The attack targeted only the website's index, redirecting users to malicious sites — no sensitive stakeholder data was compromised.

Impact

While no data was stolen, the incident was significant because:

  • The school's official web presence was hijacked to serve inappropriate content
  • It demonstrated that even basic perimeter defenses (firewalls) were inadequate
  • It was part of the broader wave of nearly 30 HEI websites attacked in June 2020

How CSPC Responded

The breach became a wake-up call. CSPC developed a 10-year development plan to improve its digital infrastructure, investing in new software and equipment. Cortez described the upgrades:

> "Sa ngayon, maybe kasi habang tinataasan kasi natin 'yong security, siyempre 'yong attacks din natin is mas malakas din. 'Yong ginawa namin is mayroon na kaming tinatawag na on-premise, saka nakacloud-base or mayroon pa rin kaming backup sa ibang lugar to protect cybersecurity."

The school now maintains both on-premise and cloud-based infrastructure with offsite backups — a significant improvement from its pre-breach posture.

Lessons for Schools

  1. 1.Firewalls alone are not enough — layered security (WAF, IDS, regular patching) is essential
  2. 2.Website attacks affect trust — even without data theft, redirecting to malicious sites damages a school's reputation
  3. 3.Use breaches as catalysts — CSPC's 10-year plan shows how a security incident can drive long-term improvement
  4. 4.Invest in both on-premise and cloud — hybrid infrastructure with offsite backups provides resilience

Sources & References

  1. [1]
    The Varsitarian Hacked here, hacked there: Investments needed to repel cyberattacks — CSPC ICT director interview (September 1, 2024)
CSPCCamarines SurBicolwebsite redirectpornographic redirectfirewallCOVID-19 online learning