Fujitsu hack raises questions, after firm confirms customer data breach

Fujitsu has warned that cybercriminals may have stolen files with personal and customer data after it discovered malware on its computer systems.

The firm, which is at the center of the British Post Office scandal, said in a Japanese press release that it had discovered malware on its computers and the potential theft of customer data, and apologised for any concern or inconvenience caused.

Announcement published on Fujitsu’s Japanese website.

The press release (a Google-translated version can be read here) is somewhat scant on detail.

For instance:

  • Fujitsu doesn’t disclose the malware found, the number of affected computers, or the internal systems or databases accessed.
  • Fujitsu doesn’t specify the type of malware found – a remote access backdoor? ransomware? something else?
  • Fujitsu doesn’t share details about the stolen information, calling it “personal information and customer information.” For instance, does it include contact details, passwords, or payment information?
  • Fujitsu announced on Friday 15 March that it suffered a cyber attack, but didn’t specify when it was discovered or how long the hackers had access to its systems and data.

Fujitsu says it has reported the incident to regulators and will contact affected individuals and customers.

The company also says that it has not seen any reports of the potentially stolen information being misused. Statements like these are meant to reassure affected parties, but they don’t make you feel much more comfortable in reality.

An absence of evidence is not evidence of absence. How could a company ever confidently and honestly claim it has incontrovertible proof that exfiltrated data has not been exploited by malicious hackers and online fraudsters?

In the past, there have been many incidents where data stolen in a hack has not immediately shown up, before appearing on the dark web months or even years later.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

2 comments on “Fujitsu hack raises questions, after firm confirms customer data breach”

  1. jase prasad

    Surely Fujitsu’s data breach is far too coincidental?
    Those deeply anchored UK government contracts worth some £500 million for HMRC, and several billions of pounds supporting critical UK MoD defence systems. The UK government being Fujitsu’s key stakeholders and how the firm is in transition to offload these contracts to another vendor, due in no small part to the Post Office Horizon scandal, is all in the public domain, so if Fujitsu were not targeted by threatening actors today, surely it would’ve almost certainly happened by tomorrow, no? Many are surprised it didn’t happen sooner. Still, as expected it has occurred well before all contracts are transferred over. The culprits behind the breach? Industrial espionage, perhaps? Though elections having recently taken place in countries, where the states are typically suspected of carrying out threats such as these, and today’s scenario is, well, we can all speculate. But what a time to attack: Monday morning. Can’t roll-back a hack, to neutralise a violation after the fact is impossible, best they can do is preserve and declare admission, saving its share price and reputation plummeting, a clear case of commercial and technical bravery. Questions will be asked, though; were they warned? Was there a ransom? Did they refuse to pay? Did they conceal the threat, believing they could cope?
    Maybe it was none of the above and Fujitsu are just another innocent firm that has done nothing wrong to deserve such a breach. Who knows.

  2. Billhands

    Good points, have to agree with the above comment – it’s possible Fujitsu were held to ransom. Even worse, could’ve been an inside job by a disgruntled employee.
