Fujitsu Confirms It Was Hacked Via Malware, Says Probe Ongoing

Fujitsu Limited reported that the attack, which exposed employee and customer information, came from malware that impacted an unspecified number of the company’s work PCs.

Tokyo-based Fujitsu Limited Friday said it suffered a data breach, which resulted in files containing customer information that could have been accessed by unauthorized people.

Fujitsu, in the English translation of an online statement, wrote that it confirmed the presence of malware on several of its work computers, and after an internal investigation, found that “files containing personal information and customer information could be illegally taken out.”

“After confirming the presence of malware, we immediately disconnected the affected business computers and took measures such as strengthening monitoring of other business computers. Additionally, we are currently continuing to investigate the circumstances surrounding the malware's intrusion and whether information has been leaked,” Fujitsu wrote.

Fujitsu also said it has reported the breach to Japan’s Personal Information Protection Commission, and that it has yet to receive reports whether information about the company’s personnel or its customers has been misused.

Japan’s Personal Information Protection Commission, the chairman of which is appointed by Japan’s prime minister, provides security policies, mediation of complaints, and international cooperation.

So far, based on the statement, it appears that the impact of the breach is limited to Japan, but it could be more widespread.

A Fujitsu spokesperson, responding via email to a CRN request for further information, wrote the security breach is indeed limited to Japan and that to date there has been no impact outside of the country.

“Fujitsu has confirmed the presence of malware on multiple computers used in its internal business, and a company investigation has revealed the possibility that files containing personal information and information about customers could be illegitimately accessed as a result,” the spokesperson told CRN.

Fujitsu is a global electronics and IT manufacturer with 124,000 employees and annual revenue of about $25 billion.

2024 has been a big year for data breaches. The U.S. alone in January saw 336 publicly disclosed security incidents, which according to security provider IT Governance was 7 percent of the world’s total incidents. Those incidents resulted in over 78 million records known to have been breached.

The biggest breach so far, called the “Mother of All Breaches” by multiple institutions and media sources, was that of 26 billion records consolidated in a single data source which includes breaches from multiple previous breaches.