Keio University Shonan Fujisawa Campus reports data breach
Learn More
Keio University's Shonan Fujisawa Campus (SFC) reports a data breach after attackers broke into its email system. The university detected unusual activity on its spam quarantine server on November 26, 2025. They blocked the entry point and investigated with Cisco Systems.
By December 18, the investigation concluded attackers had used a previously unknown zero-day vulnerability in the server software to get inside.
The attackers moved from the spam server to a directory server and were able to steal personal details for thousands of people. The university reported the incident to the police and the Personal Information Protection Commission on December 22 2025. Exposed data inlcudes:
- Email addresses and full names
- Plain text email passwords
- Reversible encrypted Wi-Fi passwords
- Hashed account login passwords
- Student and staff ID numbers
- Up to 222,508 quarantined emails
- Safe and block lists for 1,102 users
The incident affected 6,447 active accounts, including students and staff. The university also found that 1,025 graduates had their email addresses leaked. It's not clear why the directory server stored plain text passwords.
The university enforced a password reset and are still checking if the attackers used the stolen data to cause more damage.
The affected individuals should watch out for fake emails and spam. The university is still working to fix the core issue.
