Fujitsu has revealed that hackers may have stolen personal data following a cyber attack on the company.
The Japanese tech giant said an investigation by security teams discovered malware on “several” company systems, with compromised files containing personal information and customer details that could have been leaked by threat actors.
“After confirming the presence of malware, we immediately disconnected the affected business computers and took measures such as strengthening monitoring of other business computers,” the firm said in a statement.
Fujitsu said it is continuing to investigate how the incident unfolded and whether information was leaked. It has not disclosed any details of the stolen data, but noted that it has not received any reports that personal information has been misused.
Customers potentially affected by the breach will be informed, the company confirmed. Fujitsu also reported the incident to Japan's data protection authority, the Personal Information Protection Commission.
Some details of the Fujitsu hack remain unanswered
Fujitsu has yet to provide additional details about when the intrusion took place, how long the attackers had access to internal systems, and what type of malware was used.
This, according to Adam Pilton, cybersecurity consultant at CyberSmart, raises serious concerns about the possible magnitude of the incident. The technology company has previously been embroiled in controversy related to data protection, with regulators in Japan questioning the standards last year.
“If we go back to July 2023, we saw the Japanese Ministry of Internal Affairs and Communications publicly criticize Fujitsu and denounce their poor governance, demanding that they do better in the future,” he said.
“It wouldn't be fair to criticize Fujitsu yet, as we don't know all the details. However, it is fair to say that Fujitsu's reputation is at stake, as is its contract with the Japanese government.”
This is just the latest in a series of embarrassing situations for the company in recent years.
In May 2021, its ProjectWEB SaaS platform for enterprise collaboration and file sharing was exploited, allowing attackers to breach the offices of several Japanese government agencies.
More than 76,000 email addresses were stolen, along with proprietary data related to their computer systems, staff business email addresses, and information about their business relationships.
Last summer, it was reprimanded by Japan's Ministry of Internal Affairs and Communications for a security flaw that led to a breach of its Fenics cloud service, used by the government and large corporate clients.
Earlier this year, the company was criticized for knowingly supplying British subpostmasters with faulty software that led to hundreds of people being unfairly prosecuted for false accounting.
“Becoming a victim of a cyberattack does not always have obvious and immediate consequences, such as operational downtime or upfront financial costs,” Pilton said.
“Reputational damage and loss of business are also factors that need to be taken into account as they will be felt in the long term.”
