Cyber Incident Victim: Cebu Normal University

On June 17, 2020, unknown hackers breached subdomains of the Cebu Normal University (CNU) website, specifically targeting the Library and Journal for Higher Education (JHE) sections. The university publicly acknowledged the incident through a Facebook statement on June 19, 2020, confirming the unauthorized access and prompting concerns among students regarding potential exposure of personal data. CNU’s Information and Communications Technology Office (ICTO) Head, Omar Roma, clarified that only JHE data was compromised, consisting of names, email addresses, and country listings, which he classified as non-sensitive personal information. The university’s external ICT service provider, CVISNET Foundation, Inc., collaborated with CNU to implement stringent security measures following the breach. By the afternoon of June 19, CNU’s Learning Resource Center announced the temporary suspension of the affected subdomain while investigations continued, directing students to an alternative link for accessing online document delivery services during the disruption.

The incident coincided with reports of a potential data exposure involving 1,000 students at Far Eastern University on the same day, highlighting broader cybersecurity challenges within Philippine educational institutions that month. Earlier in June 2020, the University of the Philippines Visayas and San Beda University had also disclosed cyberattacks targeting their website and student portal, respectively. CNU’s public disclosure emphasized containment efforts through its partnership with CVISNET but did not specify technical details of the attack vector or identify responsible actors. Student concerns about data privacy persisted despite official assurances regarding the limited scope of breached information. The university maintained operational continuity for library services via the alternative access method while forensic reviews and security enhancements proceeded.