Fujitsu Limited has disclosed the results of an investigation into a cyberattack that potentially exposed customers’ personal information.
The breach, first announced on March 15, 2024, was caused by sophisticated malware that infiltrated the company’s internal network in Japan.
Fujitsu initially detected the malware on their computers through an internal investigation that identified suspicious behavior on several work PCs.
Upon confirming the presence of malware, the company promptly disconnected the affected computers from the network and strengthened monitoring on other business devices to prevent further spread and intrusion.
Join our free webinar to learn about combating slow DDoS attacks, a major threat today.
Investigation Findings
The investigation, conducted by Fujitsu in collaboration with external cybersecurity experts, revealed that the malware initially infected one business computer and subsequently spread to 48 others within the company’s internal network.
The malware employed advanced techniques to evade detection, complicating efforts to identify and contain the breach.
The compromised computers were not involved in managing Fujitsu’s cloud services, and no evidence was found indicating that the malware had accessed customer environments or spread beyond Japan.
However, the investigation confirmed that some files containing personal and business-related information were copied and potentially exfiltrated due to the malware’s behavior.
Fujitsu’s analysis of communication and operation logs indicated that commands to copy files were executed, suggesting that personal information and business data might have been illegally taken.
Affected customers have been notified individually, and Fujitsu has reported the incident to Japan’s Personal Information Protection Commission. To date, there have been no reports of misuse of the compromised data.
In response to the attack, Fujitsu implemented several immediate and long-term measures to mitigate the impact and prevent future incidents:
- Isolation and Initialization: All affected business computers were isolated from the network and reinitialized to remove the malware.
- Blocking External Connections: Connections to external servers used by the attackers were blocked to prevent further intrusion.
- Enhanced Security Monitoring: Security monitoring rules were updated to detect similar malware patterns, and the functionality of virus detection software was enhanced and updated.
Fujitsu has expressed its deepest apologies to all affected customers for the concern and inconvenience caused by the incident. The company is committed to strengthening its information security measures to prevent similar breaches in the future.
“These types of attacks and the resulting breaches are now occurring with alarming regularity,” said John Allison, Director of Public Sector at Checkmarx. “The reduction of cybersecurity risk is a constant challenge, and ongoing investment in advanced security measures is crucial.”
"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo