Cyber Incident Victim: University of the Philippines Visayas

On June 11, 2020, the University of the Philippines Visayas (UPV) confirmed through its official Facebook page that its primary website, upv.edu.ph, had been defaced. The institution immediately took the web server offline upon discovering and verifying the unauthorized alteration. This action was implemented to contain the incident and prevent additional damage while their technical team initiated a comprehensive security audit of all institutional systems. UPV communicated directly with its constituents via the social media announcement, stating the temporary takedown was necessary to facilitate forensic examination and system remediation. The technical team prioritized securing other infrastructure components to mitigate potential lateral movement by threat actors, though no evidence of further compromise was disclosed. No specific details regarding the defacement’s content, the attackers’ identity, or the initial detection method were provided in the public statement.

The incident disrupted access to UPV’s official online resources, though the duration of the outage remained unspecified. The university committed to providing updates as the investigation progressed, emphasizing transparency within the constraints of ongoing remediation. This attack occurred amid a broader pattern of cyber incidents targeting Philippine educational institutions in mid-2020, including a separate defacement at UP Cebu and a data breach at San Beda University that exposed sensitive student records. UPV’s response focused on containment through infrastructure isolation, system hardening, and procedural reviews to restore operational integrity. The public advisory did not indicate whether user data or internal systems beyond the webserver were affected, nor did it specify a timeline for full restoration of services.