Fujitsu has confirmed it has been hit by a cyberattack.
A statement from the company confirmed the presence of malware on several of its computers.
“As a result of an internal investigation, it was discovered that files containing personal information and customer information could be illegally taken out,” the statement read.
“After confirming the presence of malware, we immediately disconnected the affected business computers and took measures such as strengthening monitoring of other business computers. Additionally, we are currently continuing to investigate the circumstances surrounding the malware’s intrusion and whether information has been leaked.
“In addition to reporting individually to the targeted individuals and customers, we have also reported to the Personal Information Protection Commission in anticipation of the possibility that personal information may have been leaked. To date, we have not received any reports that personal information or information about our customers has been misused.
“We deeply apologise for the great concern and inconvenience caused to everyone involved.”
John Allison, Director of Public Sector at Checkmarx, said: “These types of attacks and the resulting breaches are now occurring with alarming regularity. There are many lessons learned from breaches going back to Sony up through SolarWinds.
“The reduction of cybersecurity risk is a constant challenge for CISOs when everything from networks to endpoints to potentially thousands of applications developed in-house must be locked down. Emerging regulation and legislation in various parts of the world only add to the complexity. On-going investment in consolidated solutions that streamline and simplify management of these risks, such as those covering software supply chain security risk, must be made in order to establish the most stringent possible defences.”
Adam Pilton, Cyber Security Consultant at CyberSmart, said: “Becoming a victim of a cyberattack does not always have obvious and immediate consequences, such as operational downtime or upfront financial costs. Reputational damage and the loss of business are also factors that must be considered as these will be felt over the longer term.”
Sylvain Cortes, VP Strategy, Hackuity, said: “That a corporation as large as Fujitsu has been hit by a cyberattack shows we are all susceptible to cyberattacks, no matter how big or careful an organisation is. All it takes is one employee falling for a deceptive phishing link or to open the wrong file with malicious data enveloped by attackers for them to compromise systems and steal sensitive data.
“Victims of such attacks can expect to face persistent and targeted attacks with potentially catastrophic repercussions for the business. Beyond staff awareness training, constant risk assessments, rigorous patching schedules, and advanced security measures, organisations should look to constantly assess and prioritise their most critical vulnerabilities. Any unpatched hole in the network is like leaving your car unlocked in the centre of the city. Prioritise, patch, prevent.”
Colin Little, Security Engineer at Centripetal, said: “In my work with clients to enhance their proactive security stance, it’s common to begin by identifying malware or data exfiltration that has already occurred in their environment. It can be a disorienting experience with a wide variety of possible emotional phases. I reassure them, saying that this is an all-too-common finding in the world we live in today; that they are, by and large, not alone. This current event is case-in-point: if a global company with as much money and human resources is having the same struggle as the rest of us to limit the depth and damage of intrusions, a different approach is required to be proactive against today’s cyber threat.”