November 21, 2024
Japan Advanced Institute of Science and Technology

Accidental sending of e-mails containing personal information

A serious incident occurred between April 4, 2023, and August 29, 2024, in which an email sent to the mailing list of the responsible department used for inquiries about non-degree students was sent to an unrelated student. First, we would like to express our deepest apologies for causing this incident.

Status of incident :
On April 4, 2023, a staff of IT management department mistakenly registered an email address of a degree student (unrelated student) as a member of the departmental mailing list used for non-degree students (Research student, Course oriented student, etc. including applicants) inquiries (Mailing list with administrative staff only) . On August 29, 2024, another staff member of the IT management department found this erroneous registration while checking the mailing list, and he deleted his e-mail address from the mailing list on the same day. From the day of the erroneous registration to the day of the deletion of the registration, all emails communicated between the responsible department and related people were also sent to this student.

Scope of Incident :
The number of e-mails sent to this mailing list during the incident period was 8,164, and correspondence with 686 e-mail addresses was confirmed. Through this mailing list, emails about Research Students, Course Oriented Students, and Special Visiting Students have been communicated before and after their admission, and these emails include 3,015 attached files containing names, addresses, application form, resume for admission, and report of studies to be submitted upon completion of the program. In addition, these e-mails include information sent not only by the non-degree students themselves, but also by their institutions and other organizations.

Response to incident :
On September 7, 2024, the university representative interviewed the concerned student and confirmed that the mailing list emails had been automatically filtered and managed in a folder separate from the inbox folder, that there had been no secondary information leakage, and that all mistakenly sent data stored in the student's email software had been deleted.

Apology :
We sincerely apologize for any inconvenience and concern this incident may have caused to those who contacted us during the period in question. The protection of personal information is extremely important, and we are reviewing the operation of our mailing list to ensure that such an incident does not recur. We will continue our efforts to strengthen our information management system.

We appreciate your understanding and cooperation in this matter.

[Contact]
JAIST CSIRT (Computer Security Incident Response Team)
Please contact us using the form below.
https://forms.office.com/r/hpt02fcaCe