Fujitsu reveals malware installed on internal systems, risk of customer data spill

Fujitsu has confirmed that miscreants have compromised some of its internal computers, deployed malware, and may have stolen some customer information.

In a March 15 notice posted on its website, and translated from Japanese, the global tech giant said it had “confirmed the presence of malware on several of our company’s work computers, and after conducting an internal investigation “discovered that files containing personal information and customer information could be illegally taken out.”

The statement doesn’t specify what malware was used, when the intrusion occurred, or how much and what type of data the criminals accessed. Fujitsu did add that, at least thus far, it hasn’t received any reports of customers’ information being misused.

Fujitsu did not immediately respond to The Register‘s inquiries about the breach.

After spotting the malware, the company said it “immediately” disconnected the affected systems and added security measures including better monitoring tools.

“Additionally, we are currently continuing to investigate the circumstances surrounding the malware’s intrusion and whether information has been leaked,” a company statement noted.

Fujitsu said it has begun notifying those affected that their data may have been stolen, and also reported the digital intrusion to Japan’s Personal Information Protection Commission.

This breach follows a series of embarrassing missteps for the tech behemoth in recent years, including the UK Post Office Horizon scandal and coverup, and a 2022 cloud security snafu that allowed remote, unauthorized access to its FENICS service used by government and large corporate customers. 

A year prior, crooks stole Japanese government agency data via a supply chain attack on Fujitsu’s ProjectWEB service.

And in other data breach news: over the weekend more than 70 million AT&T records were reportedly dumped on a cybercrime forum after allegedly being stolen from the telecommunications company back in 2021.

The stolen data, deemed “legitimate” by threat hunters on social media, reportedly includes names, Social Security Numbers, dates of birth, addresses, emails, phone numbers and other personal information. ®

READ MORE HERE