Cyber Incident Victim: Osaka University

Date: May 2017

Location: Japan

Summary

A cyberattack compromised Osaka University's systems, potentially exposing personal data of approximately 80,000 individuals including students, staff, alumni, and donors. Attackers used stolen credentials from a lecturer to gain unauthorized access, subsequently installing malware to exfiltrate identification numbers, email addresses, financial records, and internal communications. The breach involved multiple intrusions originating overseas over several months, leading to the theft of personnel emails containing sensitive information on thousands of affiliated individuals. While hospital patient data remained unaffected, the institution mandated password resets for all system users and issued a public apology for the security failure.

Description

In May through July 2017, Osaka University experienced unauthorized network intrusions resulting in potential data theft affecting approximately 80,000 individuals associated with the institution. Attackers gained initial access by compromising a lecturer’s credentials (ID and password), enabling multiple illegal logins originating from overseas locations. During these sessions, the perpetrators escalated privileges by obtaining a manager’s ID, which facilitated the installation of data-exfiltrating malware on university systems. The compromised information spanned two primary categories: structured records of approximately 69,000 people containing names, identification numbers, and email addresses, alongside unstructured data from personnel emails affecting up to 11,000 additional individuals. The breach window extended across three months before detection, with the university publicly disclosing the incident on December 13, 2017.

The incident impacted current and former students, employees, alumni, and donors, exposing operational and financial records alongside personal identifiers. Stolen datasets included payroll information and donor lists, though the university confirmed no evidence of patient data compromise at its affiliated hospital. Institutional response involved forced password resets for all system users as a containment measure. Osaka University trustee Yoshihiro Kizawa issued a formal apology acknowledging the breach’s severity, stating the institution deeply regretted causing significant concern. Forensic analysis determined the attackers operated from foreign jurisdictions, though specific threat actors or motivations were not disclosed. The malware’s functionality focused on harvesting credentials and exfiltrating stored data rather than disrupting university operations.
