News

The possibility that personal information leaked from the database due to the unauthorized access from a third party to the web server of School of Engineering, Hokkaido University

We detected the web server, which is managed and operated by the Faculty of Engineering, Hokkaido University, received unauthorized access from a third party on Tuesday, November 28th, 2023 and there is a possibility that personal information leaked from the database between November 6th and November 28th, 2023, which is operated only for Educational Research Organizations related to engineering of Hokkaido University.

We deeply apologize that this incident might cause any trouble and worry to many people.

Soon after we recognized the incident, we disconnected access to the web server of School of Engineering, Hokkaido University from outside campus and took necessary procedures. We conducted a careful investigation with the cooperation of the external specialized organization to specify the underlying cause of the incident and to check the information might be leaked from the database. It took long time from the incident being recognized to being announced, but we found no technical problems except for this incident.

Summary of investigation results are shown below.

1. Personal information likely to leak from the database.

(1) Personal information of the students who enrolled/have enrolled in the university after FY 20031):19,570 cases
(2) Personal Information of the academic/administrative staffs who were employed/have been employed by the university after FY 20042):2,890 cases
(3) Personal information of the part-time lecturers who were employed/have been employed by the university after October 20233):1 case
(4) Personal information of the family members of the academic/administrative staffs who were employed/have been employed by the university after FY 20214):1,090 cases
(5) Personal information of those who reserved the seminar rooms of the Frontier Research in Applied Sciences Building after January 2023:3 cases

1) School/Faculty/Graduate school of Engineering, Faculty/Graduate school of Information Science and Technology, Graduate school of Chemical Science and Engineering
2) Faculty of Engineering, Faculty of Information Science and Technology, Research Center for Integrated Quantum Electronics, Meme Media Laboratory (Venture Business Laboratory), Center for Advanced Research of Energy and Materials, Administrative office, Faculty of Engineering
3) Graduate School of Engineering
4) Faculty of Engineering, Faculty of Information Science and Technology, Research Center for Integrated Quantum Electronics, Administrative office, Faculty of Engineering

2. The actions taken after unauthorized access is discovered

Soon after we detected the attack, we blocked access to the web server of School of Engineering, Hokkaido University from outside campus including the attack source. We made internal investigation as well as external investigation with cooperation of the specialized organization. As a result, both university and the specialized organization found no technical problems except for this incident.

We also built a new web server of School of Engineering, Hokkaido University which is not operated in a collaborative manner with the database and resumed publication of website of School of Engineering, Hokkaido University.

3. Notification to whose personal information might be leaked from the database

For people whose contact information has been confirmed, we have started to report the incident and give the consultation information in order by e-mail to whose personal information might be leaked from the database.

4. The measures to prevent recurrence

We have already started to review the system configuration of the web server which are operated by Faculty of Engineering, Hokkaido University. At the same time, we work together with the Information Security Management Section, ICT Promotion Office of the university to intensify our efforts such as reviewing operation methods and establish a system for regular evaluation and verification. By notifying the current academic/administrative staffs and students to ensure information security including handling of personal information protection, we try harder than ever to prevent recurrence of the incident.

5. Consultation information

We deeply apologize again that this incident might cause any trouble and worry to many people.

We have not heard that the personal information that may be leaked is misused so far, but should you have any inquires and/or if you find the cases where damage is suspected, feel free to contact us by using the contact information below.

Contact information

【For the incident itself】

General Affairs Division, Faculty of Engineering, Hokkaido University
E-mail counterpoint1@eng.hokudai.ac.jp (For students including alumni)
    counterpoint2@eng.hokudai.ac.jp (For academic/administrative staffs including retirees)

【For the Information Security of whole University】

Information Security Management Section, ICT Promotion Office, Hokkaido University
E-mail contact@security.hokudai.ac.jp

News index

to top

We use cookies to improve our website for user's usability and experience.
To accept cookies, click 'Accept'. To reject cookies, click 'Deny'. This tool uses a cookie to remember your choices.
Please read cookie policy at 'About This Site.