[ Oct 4, 2019 ]
（First posted on 4th of October 2019）
It has come to our attention that our staff email accounts were compromised.
As a result, 41,967 phishing mails were sent from these accounts to various organizations and people. We sincerely apologize to those who received the phishing mails to have troublesome due to our security management problems.
We assure that we shall take necessary measures to prevent such an incident in the future, in sincerity.
Chief Information Security Officer
National University Corporation
4th of October 2019
1. Summary of the incident
Phishing emails, in English, which led to fake website that prompted authentication were sent to Kanazawa University, impersonating Information Media Center, Kanazawa University. The phishing mails were sent on the 14th of August and 20th of September 2019.
There was unauthorized access to 25 email accounts of our staff who accessed the fake website by clicking the URL in the phishing mails.
Additional 41,967 phishing mails were sent from 7 out of 25 accounts to various organizations and persons on the 20th, 25th, and 27th of September 2019.
2. What we did with the incident
・We finished changing all the passwords of the email accounts which were accessed illegally.
・We asked all students and staffs to change their email passwords and remain vigilant of phishing emails.
・We are limiting the number of emails that could be sent at a time.
・We are improving email system access management.
3. What we are going to do in the future
・Students and staff will receive additional measures regarding email usage regulations. Furthermore, two-factor authentication and other additional security measures will be implemented.
・Should there be any further updates, we will report on this website.
4. Our request for cooperation
If you receive an email showing “Kanazawa University” or 「金沢大学」 as sender, please be aware of the message content. Please be especially aware of suspicious email and telephone contacts.
Public Relations Office
General Affairs Department