Skip to main content

Unintended viewing of the Participants List in “Princess Rinrin's information security column” Provided by NII

publication date :

Regarding the "Princess Rinrin's Information Security column" an information security educational material provided by the National Institute of Informatics (NII) and utilized by the Institute for Information Management and Communication, Kyoto University for students, it has recently been discovered that due to a configuration flaw in the GakuNin LMS system, the "Participant List" page for each institution, which should have been inaccessible to users, could be viewed by registrants of the relevant course at the institution.

As a result of NII's investigation, we have received a report from NII confirming that our university was also affected, and records of viewing by some participants (hereinafter referred to as "unintended viewing") have been confirmed. The "Participant List" contained the "Login ID" of those who registered for the course from our university, and  if the individuals had completed their profile registration themselves, their registered "Name" and "Email Address" were also listed.

In response to this situation, NII promptly took measures to complete the restriction of access and is reportedly to prevent recurrence. Furthermore, for the appropriate management of information and assurance of security, NII requested our university in contacting those who engaged in unintended viewing and related parties. Our institute implemented contact with those who engaged in unintended viewing on May 28.

Thank you for your understanding.

[For Details and NII Contact Information]
NII has published a report and apology regarding this matter on the 
following website. Please refer to the NII website for details and 
NII contact information.

https://contents.nii.ac.jp/lms_support/info/news/20250530170430

Inquiry

Information Security