Japanese tech giant Fujitsu discovered that several of its systems were infected by malware and warns that the hackers stole customer data.
Fujitsu is the world’s sixth largest IT services provider, employing 124,000 people and having an annual revenue of $23.9 billion. Its portfolio includes computing products like servers and storage systems, software, telecommunications equipment, and a range of services, including cloud solutions, system integration, and IT consulting services.
The company has a strong presence in the global market, operating in over 100 countries. It also maintains a multifaceted relationship with the Japanese government, undertaking public sector projects, getting involved in government-funded R&D projects, and playing a crucial role in the country’s national security.
An announcement published late last week on the firm’s news portal discloses a major cybersecurity incident that has compromised systems and data, including sensitive information of customers.
“We have confirmed the presence of malware on several of our business computers, and as a result of our internal investigation, it has been discovered that files containing personal information and information related to our customers could be illicitly removed,” reads a Fujitsu notice.
“After confirming the presence of the malware, we promptly isolated the affected business computers and have taken measures such as strengthening the monitoring of other business computers.”
Fujitsu says it will continue investigating how the malware found its way into business systems and what data it exfiltrated.
Though the firm says it has received no reports of the misuse of customer data, it has informed the Personal Information Protection Commission about the incident and is currently preparing individual notices for impacted customers.
BleepingComputer has contacted Fujitsu to learn if the data breach affects corporate clients or consumers and to inquire about the number of impacted individuals/entities, but a comment wasn’t immediately available.
Fujitsu 2021 hack
In May 2021, Fujitsu’s ProjectWEB information sharing tool was exploited to breach the offices of multiple Japanese government agencies, allowing unauthorized access and stealing of 76,000 email addresses and proprietary data.
The stolen data included sensitive information from government systems and potentially air traffic control data from the Narita International Airport.
Subsequent investigations concluded in December 2021 showed that hackers leveraged stolen ProjectWEB credentials to achieve the breach.
The investigation also revealed several vulnerabilities in ProjectWEB, which was discontinued and later replaced by a new information-sharing tool incorporating zero-trust security measures.