Notice regarding the leakage of information due to unauthorized accesses to the Portal site of ABE Initiative (follow-up report)

2020.06.30

On the 12th June 2020, Japan International Cooperation Center (JICE), contractor and management agency for the African Business Education Initiative for Youth (ABE Initiative) “Master‘s Degree and Internship” Program announced on its website regarding unauthorized accesses to the Portal site of ABE Initiative which is developed and managed by JICE. JICA also announced this incident on its website on the same day.

After the full log review, JICE have confirmed another 44 unauthorized accesses since the establishment of the Portal site in January 2015. As a result, JICE confirmed the leakage of personal information such as log-in ID, log-in password, e-mail address and postal address in Japan, of 10 ABE Initiative participants and 17 staff’s e-mail address, 104 staff’s log-in ID and log-in password of members of accepting universities.
Consequently, this may allow unauthorized user to log in to the Portal site by using leaked log-in ID and password, and to access ABE Initiative participants’ personal information and staff members of accepting universities’ personal information.

JICE sent out e-mails with apology and notification to affected users.

Detailed outline of the incident is as follows.
(1)From late April 2020, JICE ran a vulnerability assessment on the Portal site of ABE Initiative to upgrade and strengthen our security. As a result, JICE discovered the vulnerability on the Portal site during the process of the assessment, and confirmed the unauthorized accesses after the log review.
(2)As a result of log review by that day, it was identified that the leakage of e-mail addresses and log-in passwords of 1,219 ABE Initiative participants and ex-participants, 652 staff members of accepting universities, 102 African youths who made inquiries to the Program in the past, 2 staff members of JICA and 3 staff members of JICE (total 1,984 users). .
(3)JICE reviewed all the log back to when the Portal site was established, and confirmed another 44 unauthorized accesses since the establishment of the Portal site in January 2015. As a result, JICE confirmed the leakage of personal information such as log-in ID, log-in password, e-mail address and postal address in Japan, of 10 ABE Initiative participants, and e-mail address or log-in ID and log-in password of 104 staff members of accepting universities. This may allow unauthorized user to log in to the Portal site by using leaked log-in ID and password, and to access 10 ABE Initiative participants’ personal information and 614 staff members of accepting universities’ personal information.
(4)Currently, the Portal site has been closed and cannot be accessed.

We tender the deepest apologies to all affected users and possibly affected users for the concern and inconvenience this has caused as the supervising position. We take this case very seriously and will exert our utmost efforts to prevent the recurrence.


Related Link

Sns share!

  • X (Twitter)
  • linkedIn
To the list page