Keio University: Apology and Notice Concerning Unauthorized Access Incident and Possible Personal Data Breach: Keio University

Keio University Confirms Data Breach Affecting Thousands of SFC-CNS Email Accounts

Keio University’s Shonan Fujisawa Campus (SFC) has disclosed a data breach involving its SFC-CNS email service, likely exposing sensitive information of thousands of users. The incident, detected on November 26, 2025, stemmed from unauthorized access to the university’s spam quarantine server, which was later found to have been exploited via a zero-day vulnerability in its software.

Investigations revealed that attackers may have accessed data from the directory server, which stores user credentials and personal information. On December 22, the university confirmed that 6,447 accounts—including those of current students, faculty, staff, recent graduates, and suspended users—were compromised. Exposed data includes email addresses, hashed account login passwords, plaintext email passwords, Wi-Fi passwords (reversibly encrypted), full names, ID numbers, and forwarding email addresses. An additional 1,025 March 2025 graduates had only their email addresses exposed.

The spam quarantine server, which stores flagged emails, may have also leaked up to 222,508 messages (linked to 984 email addresses) and 1,613 safe/block list entries, though the university assessed the risk of large-scale data exfiltration from this server as low.

In response, Keio University mandated password resets for all affected accounts—first for email services on December 23 and later for account logins on December 25. The incident has been reported to government agencies and law enforcement, though no secondary misuse of compromised data has been confirmed to date. The university continues to monitor the situation and implement additional security measures.

Source: https://www.keio.ac.jp/en/news/2026/Jan/7/48-171848/

Keio University Global Research Institute (KGRI) cybersecurity rating report: https://www.rankiteo.com/company/kgri

"id": "KGR1767786033",
"linkid": "kgri",
"type": "Breach",
"date": "11/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '6,447 SFC-CNS accounts '
                                              '(students, faculty, staff, '
                                              'graduates, and suspended users)',
                        'industry': 'Education',
                        'location': 'Japan',
                        'name': 'Keio University Shonan Fujisawa Campus (SFC)',
                        'type': 'Educational Institution'}],
 'attack_vector': 'Zero-day attack',
 'customer_advisories': 'Public disclosure and contact information for '
                        'inquiries provided.',
 'data_breach': {'data_encryption': 'Mixed (hashing for passwords, reversible '
                                    'encryption for Wi-Fi passwords)',
                 'data_exfiltration': True,
                 'number_of_records_exposed': '6,447 accounts (directory '
                                              'server) + 222,508 emails '
                                              '(quarantine server)',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (PII, passwords, and '
                                        'authentication data)',
                 'type_of_data_compromised': ['Email addresses',
                                              'Password hashes',
                                              'Plaintext email passwords',
                                              'Wi-Fi passwords (reversible '
                                              'encryption)',
                                              'Full names (kanji and Roman '
                                              'alphabet)',
                                              'Student/faculty/staff ID '
                                              'numbers',
                                              'Forwarding email addresses',
                                              'Spam quarantine emails']},
 'date_detected': '2025-11-26',
 'date_publicly_disclosed': '2025-12-23',
 'description': 'Unauthorized access from outside the university led to the '
                'compromise of user email addresses and passwords associated '
                'with the Shonan Fujisawa Campus (SFC) SFC-CNS email service. '
                'The university initiated mandatory password resets and is '
                'taking necessary actions to address the situation.',
 'impact': {'brand_reputation_impact': 'Significant inconvenience and concern '
                                       'caused to affected users',
            'data_compromised': 'Email addresses, password hashes, plaintext '
                                'email passwords, Wi-Fi passwords, full names, '
                                'ID numbers, forwarding email addresses, and '
                                'spam quarantine emails',
            'identity_theft_risk': 'High (due to compromised PII and '
                                   'passwords)',
            'operational_impact': 'Mandatory password resets, potential '
                                  'phishing/spam risks, and secondary harm '
                                  'prevention measures',
            'systems_affected': 'SFC-CNS email service, spam quarantine '
                                'server, directory server'},
 'initial_access_broker': {'entry_point': 'Spam quarantine server'},
 'investigation_status': 'Ongoing',
 'post_incident_analysis': {'corrective_actions': 'Mandatory password resets, '
                                                  'enhanced monitoring, and '
                                                  'ongoing investigation',
                            'root_causes': 'Zero-day vulnerability in spam '
                                           'quarantine server software'},
 'recommendations': 'Change compromised passwords for other services, exercise '
                    'caution with suspicious emails, and monitor for secondary '
                    'harm.',
 'references': [{'source': 'Keio University Incident Report'}],
 'regulatory_compliance': {'regulatory_notifications': 'Reported to relevant '
                                                       'government agencies '
                                                       'and police'},
 'response': {'communication_strategy': 'Public disclosure, advisories to '
                                        'affected users',
              'containment_measures': 'Blocked entry point, mandatory password '
                                      'resets',
              'enhanced_monitoring': True,
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'remediation_measures': 'Investigation into the zero-day '
                                      'vulnerability, enhanced monitoring',
              'third_party_assistance': 'Cisco Systems, LLC'},
 'stakeholder_advisories': 'Advisories issued to affected users regarding '
                           'password resets and phishing risks.',
 'title': 'Unauthorized Access and Data Compromise at Keio University SFC-CNS '
          'Email Service',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Unknown vulnerability in the spam quarantine '
                            'server software'}