iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Japanese tech multinational Fujitsu has confirmed that a cyber attack on its systems in Japan may have resulted in data being exfiltrated.
In a notice issued on 15 March, Fujitsu revealed that it had detected malware on its Japan based systems and that further investigation revealed that personal information may have been exfiltrated by the threat actors.
“We confirmed the presence of malware on several of our company’s work computers, and as a result of an internal investigation, it was discovered that files containing personal information and customer information could be illegally taken out,” the company said.
Fujitsu hires over 124,000 staff and has an annual revenue of US$23.9 billion, making it the largest IT services provider in Japan and the sixth-largest in the world, meaning the theft of customer and/or company data could have a detrimental effect.
Furthermore, being the largest IT services provider in Japan, it has a strong relationship with the Japanese government, being used for government projects relating to R&D, the public sector, and even national security.
Fujitsu said that upon discovering the malware on its systems, it took the affected systems offline and engaged in additional security measures, before elevating its investigation regarding how threat actors gained access.
“After confirming the presence of malware, we immediately disconnected the affected business computers and took measures such as strengthening monitoring of other business computers,” continued Fujitsu.
“Additionally, we are currently continuing to investigate the circumstances surrounding the malware’s intrusion and whether information has been leaked.”
Currently, the threat actor behind the breach is unknown, as is the motivation behind the attack, as no data belonging to Fujitsu has been leaked online or listed for sale. It is also unknown whether the threat actors have engaged in ransom discussions with the company.
At the time of writing, Fujitsu said there are no reports that personal information or customer data has been misused, but said it has reported the incident to the Personal Information Protection Commission in case the data is misused in the future.
“We deeply apologise for the great concern and inconvenience this has caused to everyone involved,” it said.
This incident is not Fujitsu’s first cyber security battle, with the company having suffered a data leak after a threat actor listed data pertaining to it online.
On 28 August 2021, Fujitsu discovered that a threat actor called Marketo had listed data associated with the tech giant on an online marketplace.
Despite the listing, it is currently unknown whether any data was actually leaked or sold or if Fujitsu suffered any material losses as a result.
A buyer for the data may never have been found, or the threat actor could have lied about the authenticity of the data.
Update 25/03/2024: Fujitsu reached out to Cyber Daily to share that investigations had shown that the attack was limited to Japan.
"According to the investigation, this incident is limited to Japan and to date there has been no impact outside of Japan," a Fujitsu spokesperson told Cyber Daily.
Be the first to hear the latest developments in the cyber industry.
