Osaka University suffered from a data breach incident that exposed personal data of 80,000 people.
The university's computer system was fraudulently accessed many times from outside using the ID and password of one lecturer.
According to the university, a manager's ID was acquired through the access sessions and then used to install malware that stole data.
The compromised information includes names, identification numbers and email addresses.
The stolen information also contained lists of donors to the university and pay records.
They investigated the incident and all computer system users changed their password as a countermeasure.
TPRM report: https://scoringcyber.rankiteo.com/company/osaka-university
"id": "osa16232323",
"linkid": "osaka-university",
"type": "Breach",
"date": "12/2017",
"severity": "50",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 80000,
'industry': 'Education',
'location': 'Osaka, Japan',
'name': 'Osaka University',
'type': 'Educational Institution'}],
'attack_vector': 'Phishing/Stolen Credentials',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 80000,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
'Donor Lists',
'Pay Records']},
'description': 'Osaka University suffered from a data breach incident that '
"exposed personal data of 80,000 people. The university's "
'computer system was fraudulently accessed many times from '
'outside using the ID and password of one lecturer. According '
"to the university, a manager's ID was acquired through the "
'access sessions and then used to install malware that stole '
'data. The compromised information includes names, '
'identification numbers, and email addresses. The stolen '
'information also contained lists of donors to the university '
'and pay records.',
'impact': {'data_compromised': ['Names',
'Identification Numbers',
'Email Addresses',
'Donor Lists',
'Pay Records']},
'initial_access_broker': {'entry_point': 'Compromised Credentials'},
'motivation': 'Data Theft',
'post_incident_analysis': {'corrective_actions': ['Password Change'],
'root_causes': 'Weak Password Policies'},
'references': [{'source': 'Osaka University'}],
'response': {'containment_measures': ['Password Change']},
'title': 'Data Breach at Osaka University',
'type': 'Data Breach',
'vulnerability_exploited': 'Weak Password Policies'}