Polymer


Summary

  • Fujitsu announced discovery of malware on its corporate network, risking unauthorized access to customer data.
  • Details are currently hazy, with limited information on how or when the attack occurred.
  • This incident adds to Fujitsu’s history of breaches, including the ProjectWEB attack in 2021.

This week, Fujitsu, a prominent IT company based in Japan, announced the discovery of malware on its corporate network, which may have been used to gain unauthorized access to personal information belonging to customers or other parties.

This incident adds to Fujitsu’s recent controversies, including its involvement in the British Post Office scandal.

Here’s what we know about the situation so far:

What happened? 

In a notice dated March 15 and published on its website, Fujitsu confirmed:

“We confirmed the presence of malware on several of our company’s work computers, and as a result of an internal investigation, it was discovered that files containing personal information and customer information could be illegally taken out.”

The company stated that it is actively investigating the circumstances surrounding the intrusion of the malware and the potential leakage of information. However, it did not provide details regarding the timing of the breach, the number of records exposed, or the extent of the potential impact on individuals.

Despite emphasizing that it has not received any reports of customer data misuse, Fujitsu has notified Japan’s Personal Information Protection Commission about the incident. Moreover, it is in the process of preparing individual notifications for customers who may have been affected.

The second breach for Fujitsu

While you would hope a company like Fujitsu has airtight security controls, this isn’t the first time Fujitsu has been breached. 

In May 2021, Fujitsu’s ProjectWEB solution was exploited, leading to unauthorized access and the theft of 76,000 email addresses and proprietary data from Japanese government agencies’ offices.

A follow-up investigation into this incident found that the malicious actors used stolen ProjectWEB credentials to carry out the attack.

While details of the most recent breach are still few and far between, the simplicity of the ProjectWEB attack on Fujitsu raises the question: was this a sophisticated cyber-attack, or simply another case of account hijacking?

In any case, let this be a reminder to all organizations to bolster their approach to password security: use multi-factor authentication, combined with data-centric security tools, to mitigate the possibility of malicious actors accessing sensitive information.  

We’ll share more updates on the Fujitsu malware attack as we learn more.

Polymer is a human-centric data loss prevention (DLP) platform that holistically reduces the risk of data exposure in your SaaS apps and AI tools. In addition to automatically detecting and remediating violations, Polymer coaches your employees to become better data stewards. Try Polymer for free.
