Japan-based IT behemoth Fujitsu said it has discovered malware on its corporate network that may have allowed the people responsible to steal personal information from customers or other parties.
“We confirmed the presence of malware on several of our company’s work computers, and as a result of an internal investigation, it was discovered that files containing personal information and customer information could be illegally taken out,” company officials wrote in a March 15 notification that went largely unnoticed until Monday. The company said it continued to “investigate the circumstances surrounding the malware’s intrusion and whether information has been leaked.” There was no indication how many records were exposed or how many people may be affected.
Fujitsu employs 124,000 people worldwide and reported about $25 billion of revenue in its fiscal 2023, which ended at the end of last March. The company operates in 100 countries. Past customers include the Japanese government. Fujitsu’s revenue comes from sales of hardware such as computers, servers, and telecommunications gear, storage systems, software, and IT services.
In 2021, Fujitsu took ProjectWEB, the company’s enterprise software-as-a-service platform, offline following the discovery of a hack that breached multiple Japanese government agencies, including the Ministry of Land, Infrastructure, Transport, and Tourism; the Ministry of Foreign Affairs; and the Cabinet Secretariat. Japan’s Narita Airport was also affected.
Last July, Japan’s Ministry of Internal Affairs and Communications reportedly rebuked Fujitsu over a security failing that led to a separate breach of Fenics, another of the company’s cloud services, which is used by both government agencies and corporations. Earlier this year, the company apologized for playing a leading role in the wrongful conviction of more than 900 sub-postmasters and postmistresses who were accused of theft or fraud when the software wrongly made it appear that money was missing from their branches. A company executive said some of the software bugs responsible for the mistakes had been known since 1999.
Fujitsu representatives didn’t respond to requests for comment about last week’s breach disclosure. The company said it reported the incident to Japan’s data protection authority. “We deeply apologize for the great concern and inconvenience this has caused to everyone involved,” last week’s statement said. So far, the company has found no evidence of any affected customer data being misused.