Fujitsu Limited, Japan's largest IT service provider, announced that several of its computers have been infected with malware, leading to a possible data breach.
Known details about Fujitsu data breach
The company published a security notice late last Friday, announcing that an internal investigation revealed that files containing personal and customer information may have been compromised or exposed.
According to Fujitsu, the affected computers have been disconnected and monitoring of other business computers has been stepped up. We are currently investigating the status of malware intrusion and whether there has been any information leakage.
It also said there have been no reports of personal information being misused, which doesn't mean much if the breach occurred recently.
Fujitsu did not say when it became aware of the breach, share a (preliminary) timeline of the attack, or identify the specific malware used by the attackers.
The company notified “individuals and customers” who may be affected and reported it to Japan's Personal Information Protection Commission.
Past cyber attacks against Fujitsu
In June 2023, Japan's Ministry of Internal Affairs and Communications publicly reprimanded Fujitsu Cloud Technologies, a subsidiary of Fujitsu Limited that will soon merge with its parent company.
The ministry called on Fujitsu Cloud Technologies and Fujitsu Limited to urgently implement security measures to protect the confidentiality of communications and strengthen their cybersecurity posture.
This request came as a result of several breaches suffered by the two companies.
- FENICS, Fujitsu Limited's cloud-based internet service used by governments and large corporations, was breached in 2022, accessed and misused by unauthorized parties and leaking confidential information.
- An incident in May 2020 involving the compromise of devices used by the company's cloud services and the subsequent leakage of confidential communications.
Fujitsu was also involved in a supply chain attack in May 2021. The company's project management suite, Fujitsu ProjectWEB, was accessed by an unauthorized third party, resulting in a data breach that affected multiple government agencies in Japan.
The data was allegedly sold on the dark web. The company later discontinued his ProjectWEB portal/tool.