Fujitsu confirms data breach, implements robust security measures

Fujitsu, the renowned Japanese tech giant, has confirmed a data breach that compromised some individuals’ and customers’ personal and business information. The breach, discovered earlier this year, did not involve ransomware but utilized sophisticated mechanisms to evade detection while exfiltrating sensitive details.

In a statement, Fujitsu detailed the results of their investigation, initially announced on March 15, 2024, and the measures taken to address the breach. The company assured that affected customers had been notified individually.

In March 2024, Fujitsu detected malware infections in several systems, raising concerns about potential compromises of sensitive customer information. The company promptly initiated a comprehensive investigation in collaboration with an external specialist research firm. The investigation, which included a thorough analysis of log information and interviews with internal personnel, revealed the scope and cause of the breach.

The investigation revealed that the malware was installed on one of Fujitsu’s business computers and spread to other work computers within Japan’s internal network. This malware employed advanced techniques to disguise and evade detection, making it extremely challenging to identify. Despite its sophistication, the investigation confirmed that the number of infected work computers did not exceed the initially detected 49 computers.

Fujitsu emphasized that the compromised computers were not involved in managing its cloud services, and no traces of access to customer-provided services were found. Thus, the impact was confined to the company’s internal network.

Further examination of Fujitsu’s communication and operation logs revealed that the malware executed commands to copy certain files. These files contained the personal information of some individuals and business-related information of customers. Although there have been no reports of misuse of the compromised information, Fujitsu has proactively notified the affected customers and is taking necessary measures to mitigate any potential risks.

Fujitsu has implemented several measures to address the breach and enhance its information security. It has assured its customers of its commitment to further strengthening its information security measures to prevent similar incidents in the future.