Notice and Apology regarding the leakage of information of users due to unauthorized accesses to the Portal site of ABE Initiative (follow-up report)
JICE has reported on its website regarding unauthorized accesses to the Portal site of ABE Initiative (first report: https://www.jice.org/en/info/2020/06/post-296.html).
After the full log review, we have confirmed another 44 unauthorized accesses since the establishment of the Portal site in January 2015. As a result, we confirmed the leakage of 10 ABE Initiative participants’ personal information such as log-in ID, log-in password, e-mail address and postal address in Japan, and mail address or log-in ID and log-in password of 104 staff members of accepting universities.
Consequently, this allows unauthorized user to log in to the Portal site by using leaked log-in ID and password, and to access 10 ABE Initiative participants’ personal information and 718 staff members of accepting universities’ personal information.
JICE sent out e-mails with apology and notification to affected users. We tender the deepest apologies to all affected users for the concern and inconvenience this has caused.
JICE commits itself to reinforcing the information security on the Portal site and its internal control in an effort to restore users’ trust.
1 Detailed outline of the case
（1）From late April 2020, JICE ran a vulnerability assessment on the Portal site of ABE Initiative to upgrade and strengthen our security.
（2）We discovered the vulnerability on the Portal site during the process of the assessment, and confirmed the unauthorized accesses after the log review. We discovered the leakage of e-mail address and log-in password of 1,225 ABE Initiative participants and ex-participants, 652 staff members of accepting universities, 102 African youths who made inquiries to the Program in the past, 3 staff members of JICA and 2 staff members of JICE. At this point, we confirmed that no other personal information than e-mail addresses and log-in passwords had been accessed as a result of log review by this day.
（3）On June 12th, JICE sent out e-mails with apology and notification to affected users mentioned in (2).
（4）JICE continued to review all the log back to January 2015 when the Portal site was established, and discovered the possible unauthorized access to personal information of 10 ABE Initiative participants and personal information of 718 staff members of accepting universities, as explained above.
（5）On June 30th, JICE sent out e-mails with apology and notification to affected users mentioned in (4).
（6）The Portal site has been closed and cannot be accessed.
2 Recurrence prevention measures
JICE will rectify or reestablish the Portal site with the following recurrence prevention measures.
（1） As a part of reinforcing the information security of the Portal site, JICE will run vulnerability assessment regularly and will install the application to monitor and blockade unauthorized accesses.
（2） JICE will request all users to change the log-in password and also to change password frequently when reopening the Portal site.
JICE will exert our utmost efforts for further improvement of system security on the Portal site and also strive to enhance its internal control for safety browsing of users.
3 Inquiries regarding this matter
Consultation counter for Personal Information
Japan International Cooperation Center (JICE)