Fujitsu Japan has confirmed that it has been the victim of a cyberattack that leaked sensitive data, including that of customers.
Fujitsu said in a press release that the cyberattack, which was first noticed on March 15, 2024, started with the attack on a single device, before spreading to a total of 49 corporate PCs.
It was not ransomware, the company further explained, as the malware wormed its way through and used “advanced techniques” to evade detection, which is not a hallmark of ransomware attacks.
Sensitive data stolen
All compromised devices are used within Fujitsu’s internal Japanese network. Other corporate PCs, connected to network environments outside the country, were not affected. Furthermore, the company confirmed that the infected PCs were not managed via cloud services and that there was no trace of access to the services that Fujitsu provides to its customers.
Fujitsu said it was not aware of any misuse of the files so far, adding: “The investigation concluded that the damage did not spread beyond corporate computers, including customers’ network environments.”
However, the malware did steal some sensitive data from the infected computers, including personal or business information about certain customers. Fujitsu has notified the affected individuals separately.
“Fujitsu would like to once again express its sincere apologies to its customers for the concern and inconvenience this incident has caused,” the company said.
There was no word on the type of data stolen. However, The register reports that under Japanese law, a company is required to report theft to affected individuals if the stolen files contain “sensitive data” that is “likely to be misused for unlawful financial gain.”
Other conditions include stealing data for an “unlawful purpose” or stealing information from at least 1,000 people.