cyber Breach

Osaka University

May 11, 2023 1 min read
Osaka University

Osaka University suffered from a data breach incident that exposed personal data of 80,000 people.

The university's computer system was fraudulently accessed many times from outside using the ID and password of one lecturer.

According to the university, a manager's ID was acquired through the access sessions and then used to install malware that stole data.

The compromised information includes names, identification numbers and email addresses.

The stolen information also contained lists of donors to the university and pay records.

They investigated the incident and all computer system users changed their password as a countermeasure.

Source: https://www.japantimes.co.jp/news/2017/12/13/national/crime-legal/hackers-may-stolen-personal-data-80000-people-associated-osaka-university/#.WjzNU7dl-Uk

TPRM report: https://scoringcyber.rankiteo.com/company/osaka-university

"id": "osa16232323",
"linkid": "osaka-university",
"type": "Breach",
"date": "12/2017",
"severity": "50",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 80000,
                        'industry': 'Education',
                        'location': 'Osaka, Japan',
                        'name': 'Osaka University',
                        'type': 'Educational Institution'}],
 'attack_vector': 'Phishing/Stolen Credentials',
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': 80000,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Information',
                                              'Donor Lists',
                                              'Pay Records']},
 'description': 'Osaka University suffered from a data breach incident that '
                "exposed personal data of 80,000 people. The university's "
                'computer system was fraudulently accessed many times from '
                'outside using the ID and password of one lecturer. According '
                "to the university, a manager's ID was acquired through the "
                'access sessions and then used to install malware that stole '
                'data. The compromised information includes names, '
                'identification numbers, and email addresses. The stolen '
                'information also contained lists of donors to the university '
                'and pay records.',
 'impact': {'data_compromised': ['Names',
                                 'Identification Numbers',
                                 'Email Addresses',
                                 'Donor Lists',
                                 'Pay Records']},
 'initial_access_broker': {'entry_point': 'Compromised Credentials'},
 'motivation': 'Data Theft',
 'post_incident_analysis': {'corrective_actions': ['Password Change'],
                            'root_causes': 'Weak Password Policies'},
 'references': [{'source': 'Osaka University'}],
 'response': {'containment_measures': ['Password Change']},
 'title': 'Data Breach at Osaka University',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Weak Password Policies'}
Published by
Roshni Ray
Roshni Ray
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.