What Happened
On June 18, 2020, a hacker using the handle "Mr. Supremo" gained unauthorized access to the website of the Department of Education (DepEd) Caraga regional office at caraga.deped.gov.ph.
This breach is notable as it targeted a government education office rather than an individual school, potentially affecting education data across the entire Caraga region.
Why This Breach Matters
- Government office targeted — breaching a DepEd regional office could expose data covering all schools in the region
- Independent attacker — Mr. Supremo was not affiliated with Pinoy Grayhats, showing multiple attackers targeting education sector
- Government .gov.ph domain — the breach of a government domain carries additional implications for public trust
Context
The DepEd Caraga breach foreshadowed the larger DepEd data breaches that would occur in subsequent years, including the massive DepEd Laguna (7M+ records) and DepEd CAR (6M+ records) breaches in 2025.
Lessons for Schools
- 1.Government education portals need security — DepEd regional offices hold aggregated data from all schools in their jurisdiction
- 2.Regular security assessments — government websites should undergo regular vulnerability assessments as mandated by DICT
- 3.Incident response coordination — regional offices should coordinate with DICT-CERT for incident response
Sources & References
- [1]GitHub Registry — Community-maintained registry of Philippine school hacking incidents (May-June 2020)
DepEdCaragaButuanMr. Supremo2020pandemicgovernmentregional office