Global business technology giant Fujitsu has apologized for leaking customer data, following an investigation precipitated by the discovery of malware on the company’s computers.
Japanese society confirmed the cyber incident in a statement released on March 15.
“After confirming the presence of the malware, we immediately disconnected the affected company computers and took measures such as strengthening monitoring of other company computers,” Fujitsu said in a statement translated by Google into English. “Additionally, we are currently continuing to investigate the circumstances surrounding the malware intrusion and whether any information was leaked.”
The multinational said it had reported the incident to Japanese regulators at the Personal Information Protection Commission.
What’s unclear is exactly how long the data was exposed, which is something Fujitsu customers should want to know, Roger Grimes, data-driven defense evangelist at KnowBe4, explained in a note. Fujitsu will also have to provide further details about the breach itself, he said.
“It is especially important to understand how the breach occurred,” Grimes said. “For an affected customer to regain trust, they need to know how the attack occurred and what measures Fujitsu was taking to ensure it doesn’t happen again (at least using the same methods as the attacker).”
Fujitsu’s IT posture typical of companies
This incident highlights the need for businesses to do more proactive cybersecurity strategies, said Darren Williams, CEO and founder of BlackFog, in response to the Fujitsu data leak.
“Relying on defensive strategies is no longer sufficient, and all organizations must refocus on data security,” Williams said in a statement. “As we’ve seen countless times, cybercriminals always find a way to get in, and once they have your data, there’s no limit to what they can do to exploit it.”
Colin Little, security engineer at Centripetal, believes that organizations like Fujitsu too often learn after their data has been exposed. He added that it can be a very emotional experience for corporate cybersecurity teams.
“I reassure them that this is an all-too-common finding in the world we live in today; that they are not, by and large, alone,” Little said. “The current event is a case in point: If a global company with lots of money and human resources is facing the same struggle as the rest of us to limit the depth and damage of intrusions, a different approach is needed to be proactive against the threat information technology today.”