others
Apology and Report Regarding Spam Emails Sent Due to Unauthorized Access
2026/07/06
We regret to inform you that the email accounts of nine current students and graduates of our university have been illegally used by a third party, resulting in the sending of numerous suspicious emails both within and outside the university.
After completing log analysis and investigation at our university, we found no objective evidence that past emails had been viewed. However, due to limitations in system verification, we cannot completely rule out the possibility that personal information stored in the account may have been viewed by a third party. Therefore, our university has taken measures prioritizing security above all else.
We sincerely apologize to everyone involved for the great inconvenience and worry we have caused.
We would like to report the facts and our response regarding this matter as follows.
Note
1. Overview of the situation (background)
① Date and time of occurrence: After 2026 ② Date and time of detection: 2026
③ Weft and Longitude:
We have confirmed that a third party illegally accessed the accounts of nine individuals at our university and used them as a platform for sending spam emails. Upon detection, we immediately suspended (or disabled) the accounts in question and blocked the unauthorized access.
2. Damage Situation (as of July 3, 2026)
Following the unauthorized login, we have confirmed that a large number of suspicious emails (spam emails) were sent from that account both within and outside the university.
① Target accounts: 9 people in total, including current students and graduates ② Number of suspicious emails sent: 17,864
3. Concerns regarding the viewing of personal information
Analysis of system logs has not revealed any clear evidence (including actions such as downloads) that existing sent and received emails were viewed during the period of unauthorized access. However, considering the limitations of technical verification, we have taken measures to ensure security, assuming that the possibility of personal information being viewed cannot be completely ruled out. At this time, no secondary damage related to the leakage of personal information has been confirmed.
4. Regarding the cause
It is believed that the account was compromised because a malicious third party stole the authentication information (ID and password) through some means.
5. Whether or not there is secondary damage or the risk thereof.
At this time, we have not received any reports of misuse of information or financial losses resulting from this incident. However, there is a risk of secondary damage in the future, such as receiving "phishing emails" impersonating university personnel.
[A request to recipients]
If you receive a suspicious email that you do not recognize, even if the sender's name appears to be someone affiliated with this university, please delete it immediately without clicking on any URLs in the email body or opening any attachments.
6. Notification to the individual and public disclosure
Following the discovery of this matter, we plan to promptly conduct an investigation and report to the Personal Information Protection Commission, the Ministry of Education, Culture, Sports, Science and Technology, and other supervisory authorities. We are also contacting those whose contact information can be identified individually via email or other means. On the other hand, for those whose contact information is technically difficult to identify, we will use this public announcement as our apology and report in accordance with the law.
7. Measures to prevent recurrence and future responses
Our university takes this incident very seriously and will make every effort to prevent a recurrence by promoting the introduction of multi-factor authentication (MFA), improving account management, and thoroughly reinforcing information security education.
[Contact information for inquiries regarding this matter]
Nihon University Information Innovation Center Secretariat Inquiry Form: https://forms.gle/rj9W2fdJZPntrWrM7
That's all