Second (Final) Report: System Failure due to Unauthorized Access

As previously reported, on April 16, 2025, Tokai University, established by this corporation, suffered a cyber attack (unauthorized access) by a third party, and some of its systems were confirmed to be infected with ransomware. In this cyber attack, information such as the user IDs and hashed (*1) passwords that school-related personnel use to log in to the system, e-mail addresses, and web server content was encrypted, and various services could not be provided. In addition, because Tokai University's Internet connection was temporarily shut down to prevent the spread of damage, the official websites of Tokai University and of the affiliated schools and related organizations established by the corporation were not accessible. Since then, we have been restoring services step by step, and as of July 16, 2025, the official website, the student portal site, the class support system, and the school email are available as usual. Other services will be restored in a systematic manner so that they can be used more safely. We sincerely apologize to all concerned for any inconvenience and concern this may cause.

No damage to hospital information systems such as electronic medical records has been confirmed for Tokai University Hospital and Tokai University Hachioji Hospital, and no patient information has been leaked. From the time of the damage to the present, the hospital has been providing normal medical services.

(*1) Hashing: Process of converting to a short code (hash value) that is very difficult to undo.

Based on the status of the investigation as of July 16, 2025, the following facts have been generally confirmed. We will continue to investigate the possibility of information leakage and the scope of its impact, but at present we have not confirmed that any encrypted data has been leaked outside the company via the dark web or other means.

1. Background

<Cause>

According to the investigation by an external information security expert organization, the route and method have not been clarified at this point. The assumed root cause is that the account information of school staff was stolen by some means such as phishing, and that the attacker used the stolen account information to illegally enter the Campus Network and execute the ransomware.

<Encrypted information>

(1) Authentication information of school-related persons

Students, faculty, and staff: 43,451 user IDs, hashed passwords, and 43,451 e-mail addresses issued by the university for each student, faculty, and staff member (*2)

(*2) The total count of encrypted information is the maximum number known at this time; an exact figure cannot be specified due to the loss of some logs.

(2) Web server content (no personal information is included)

<Route of unauthorized access>

(1) Possibility that IDs and passwords of school personnel were obtained by a third party through some means.

(2) On April 16, 2025, at 10:55 p.m., the attacker used the obtained ID and password to illegally enter the Campus Network.

(3) Attacker executes ransomware attack

2. Response by the Corporation

<Collaboration with specialized information security organizations>

After the ransomware infection was discovered, we temporarily shut down the network connection and formed an investigation team, including experts from an external information security specialist organization, to determine the cause, identify the extent of the damage, and restore the network.

<Reporting to related organizations>

(1) April 17, 2025: The first report of this incident was submitted to the Ministry of Education, Culture, Sports, Science and Technology (MEXT).

(2) April 18, 2025: The Company reported the damage to the competent police station and began cooperating with the investigation.

(3) April 30, 2025: This matter was reported to the Personal Information Protection Commission.

(4) June 20, 2025: A second report on the status of the investigation of this matter was submitted to the Ministry of Education, Culture, Sports, Science and Technology.

(5) June 20, 2025: A second report on the status of the investigation of this matter was submitted to the Personal Information Protection Commission.

<Recurrence prevention measures>

We take this information security incident extremely seriously. To prevent recurrence, we will review our information security system with advice and support from specialist information security organizations outside the university, and we will promote thorough information security education for students and faculty members.

<Recovery Status>

【Gakuen】 Email access via the Gakuen email address and the official websites of Tokai University as well as the official websites of the affiliated Ōsaka schools and related institutions established by the corporation have been restored. In addition, a new Campus Network is currently under construction to provide a safer education and research environment.
Both the student portal site and the class support system have been restored, and classes are currently being held at all campuses without major problems. Other systems and PC rooms used by students are being upgraded to a secure Campus Network and will be resumed as soon as they are ready.
There is no impact on medical services at Tokai University Hospital (Isehara) and Tokai University Hachioji Hospital.
There will be no impact on classes at the certified child care centers, elementary schools, middle schools, and high schools.

3. Future actions

We will continue to cooperate with the police authorities, and in the unlikely event that an information leak is confirmed in the future, we will report it to the Ministry of Education, Culture, Sports, Science and Technology and the Personal Information Protection Commission in a timely manner. In addition, in cooperation with external organizations specializing in information security, we will establish a new information system and thoroughly implement information security measures to prevent the recurrence of information security incidents.

We would like to again apologize for the great concern and inconvenience we have caused you. The corporation takes this situation extremely seriously, and we will work to further strengthen our security management system and take strict measures against criminal acts such as unauthorized access.