Fujitsu Attributes Cyberattack to “Advanced” Malware, Confirms Customer Data Breach
Fujitsu Confirms Cyberattack Resulting in Customer Data Breach
Fujitsu Japan has acknowledged a cyberattack resulting in the unauthorized exposure of sensitive customer data. According to a recent press release, the attack was first detected on March 15, 2024, originating from the compromise of a single device and subsequently affecting a total of 49 business PCs.
Contrary to initial speculation, Fujitsu clarified that the incident did not involve ransomware. Instead, the company described the malware responsible as employing sophisticated techniques to evade detection, emphasizing that such behavior is not typical of ransomware attacks.
The compromised devices were exclusively within Fujitsu’s internal network in Japan; PCs connected to networks outside the country remained unaffected. Additionally, Fujitsu confirmed that the infected PCs were not managed through cloud services, and there was no unauthorized access detected in the services provided to customers.
Although Fujitsu stated there have been no reports of the stolen data being misused externally, the malware did manage to exfiltrate sensitive information from the affected computers, including personal and business-related data of certain customers. Fujitsu has notified the affected individuals individually as per legal obligations.
In response to the incident, Fujitsu expressed sincere apologies to its customers for any inconvenience caused and reiterated its commitment to addressing the aftermath of the breach. The company did not disclose the specific nature of the stolen data, but under Japanese law, it is required to inform affected individuals if the compromised files contain sensitive data that could potentially be exploited for unlawful financial gain or other wrongful purposes.
The investigation into the cyberattack is ongoing, with Fujitsu working diligently to mitigate any further risks and secure its systems against future threats.
