Data Breach Unveiled: Fujitsu's IT Systems Stricken by Malware

Fujitsu, the globally recognized Japanese tech juggernaut, recently identified a malware infection within several of its systems. The company also confirmed an ensuing data breach that potentially compromised customer data (Toulas, 2024).

As the sixth largest IT services provider worldwide, Fujitsu boasts an impressive annual revenue of $23.9 billion and employs around 124,000 individuals. With a diverse range of services and products, from software and hardware to telecommunications equipment and cloud solutions, Fujitsu has marked its presence in over 100 countries (Reuters, 2024).

Its intricate relationship with the Japanese government further underscores Fujitsu's pivotal role in the country's national security and public sector projects. Yet, despite its impressive standing, the company fell prey to a major cybersecurity breach.

A recent announcement on the company's news portal revealed that the breach compromised systems and data, potentially exposing sensitive customer information (Fujitsu, 2024). "We have confirmed the presence of malware on several of our business computers… files containing personal information and information related to our customers could be illicitly removed," the notice read (Fujitsu, 2024).

Post-incident, Fujitsu isolated the affected computers and ramped up its monitoring efforts across other business computers. The company continues to investigate the breach's origin and the extent of data exfiltration.

While there are currently no reports of customer data misuse, Fujitsu has informed the Personal Information Protection Commission about the incident and plans to issue individual notices to the impacted customers (Fujitsu, 2024).

This incident isn't Fujitsu's first encounter with a significant security breach. In May 2021, Fujitsu's ProjectWEB information sharing tool was exploited, leading to a breach of multiple Japanese government offices. This incident resulted in the theft of 76,000 email addresses and proprietary data, including sensitive information from government systems and potential air traffic control data from Narita International Airport (Toulas, 2021).

Following a thorough investigation, Fujitsu identified stolen ProjectWEB credentials as the cause of the breach and discovered multiple vulnerabilities within ProjectWEB. Consequently, the company discontinued ProjectWEB and replaced it with a new information-sharing tool that incorporates zero-trust security measures (Fujitsu, 2021).

References:

Toulas, B. (2024). Fujitsu found malware on IT systems, confirms data breach. [Online article].

Fujitsu (2024). Fujitsu Announcement. [Press Release].

Reuters (2024). Fujitsu Profile. [Online Article].

Toulas, B. (2021). Fujitsu 2021 hack. [Online article].

Fujitsu (2021). ProjectWEB Discontinuation Announcement. [Press Release].

Know more. Investigate better.