Japanese tech giant Fujitsu discovered that several of its systems were infected by malware and warns that the hackers stole customer data.
Fujitsu is the world's sixth largest IT services provider, employing 124,000 people and having an annual revenue of $23.9 billion. Its portfolio includes computing products like servers and storage systems, software, telecommunications equipment, and a range of services, including cloud solutions, system integration, and IT consulting services.
The company has a strong presence in the global market, operating in over 100 countries. It also maintains a multifaceted relationship with the Japanese government, undertaking public sector projects, getting involved in government-funded R&D projects, and playing a crucial role in the country's national security.
An announcement published late last week on the firm's news portal discloses a major cybersecurity incident that has compromised systems and data, including sensitive information of customers.
"We have confirmed the presence of malware on several of our business computers, and as a result of our internal investigation, it has been discovered that files containing personal information and information related to our customers could be illicitly removed," reads a Fujitsu notice.
"After confirming the presence of the malware, we promptly isolated the affected business computers and have taken measures such as strengthening the monitoring of other business computers."
Fujitsu says it will continue investigating how the malware found its way into business systems and what data it exfiltrated.
Though the firm says it has received no reports of the misuse of customer data, it has informed the Personal Information Protection Commission about the incident and is currently preparing individual notices for impacted customers.
BleepingComputer has contacted Fujitsu to learn if the data breach affects corporate clients or consumers and to inquire about the number of impacted individuals/entities, but a comment wasn't immediately available.
Fujitsu 2021 hack
In May 2021, Fujitsu's ProjectWEB information sharing tool was exploited to breach the offices of multiple Japanese government agencies, allowing unauthorized access and stealing of 76,000 email addresses and proprietary data.
The stolen data included sensitive information from government systems and potentially air traffic control data from the Narita International Airport.
Subsequent investigations concluded in December 2021 showed that hackers leveraged stolen ProjectWEB credentials to achieve the breach.
The investigation also revealed several vulnerabilities in ProjectWEB, which was discontinued and later replaced by a new information-sharing tool incorporating zero-trust security measures.
Comments
Jase_prasad - 1 month ago
Surely Fujitsu’s data breach is far too coincidental?
Those deeply anchored UK government contracts worth some £500 million for HMRC, and several billions of pounds supporting critical UK MoD defence systems. The UK government being Fujitsu’s key stakeholders and how the firm is in transition to off load these contracts to another vendor, due in no small part to the Post Office Horizon scandal, is all in the public domain, so if Fujitsu were not targeted by threatening actors today, surely it would’ve almost certainly have happened by tomorrow, no? Many are surprised it didn’t happen sooner. Still, as expected it has occur well before all contracts are transferred over. The culprits behind the breach? Industrial espionage, perhaps? Though elections having recently taken place in countries, where the states are typically suspected of carrying out threats such as these, and today’s scenario is, well, we can all speculate. But what a time to attack: Monday morning. Can’t roll-back a hack, to neutralise a violation after the fact is impossible, best they can do is preserve and declare admission, saving its share price and reputation plummeting, a clear case of commercial and technical bravery. Questions will be asked, though; were they warned? Was there a ransom? Did they refuse to pay? Did they conceal the threat, believing they could cope?
Maybe it was none of the above and Fujitsu are just another innocent firm that has done nothing wrong to deserve such a breach. Who knows.
ThomasMann - 1 month ago
Excuse me, but....
Fujitsu is a company that builds and sells computers, and has made billions of Dollars in profits by doing that. And even they cannot pay enough attention to their data security?
johnlsenchak - 1 month ago
North Korea ? It could be a possibility