Japanese multinational information and communications technology equipment and services corporation Fujitsu disclosed a data breach that occurred on March 15, which may have resulted in the exfiltration of customer personal details and company data.
NEC and an external specialist research firm conducted a detailed investigation to identify the scope of the impact and the nature of the security incident. This included interviews with internal parties and analysis of log information, such as communication and operation logs.
The inquiry revealed that the attack used malware and great persistence and evasion techniques. The unspecified malware was installed on one of the company's business computers and spread to 49 computers in the company's internal network in Japan, with no signs of the infection spreading to work computers in network environments abroad.
Fujitsu said the impacted business computers do not handle the company’s cloud services, and the infection did not affect the customer-facing services or client environments.
However, the tech giant suspects some of the company data may have been exfiltrated by the cyberattackers, which includes files that contained “personal information of some individuals” and details on customers’ businesses. The announcement mentions that affected customers have been notified individually.
Until now, there have been no reports of cybercriminal activity involving data that may have been exfiltrated in the 2024 Fujitsu data breach.
This year, cyberattacks have been reported in high numbers, with a few recent examples being a 2024 Roblox Developer Conference data breach due to third-party access to a vendor’s website and a sensitive customer information leak affecting healthcare fintech company HealthEquity.