Fujitsu: Malware on Company Computers Exposed Customer Data

Global business technology colossus Fujitsu issued an apology for exposing customer data, following an investigation precipitated by the discovery of malware on the company's computers.

The Japanese corporation confirmed the cyber incident in a statement issued on March 15.

"After confirming the presence of malware, we immediately disconnected the affected business computers and took measures such as strengthening monitoring of other business computers," Fujitsu said in a statement translated by Google into English. "Additionally, we are currently continuing to investigate the circumstances surrounding the malware's intrusion and whether information has been leaked."

The multinational corporation said it reported the incident to Japanese regulators at the Personal Information Protection Commission.

What remains unclear is exactly how long the data was exposed, which is something Fujitsu customers should want to know, Roger Grimes, data-driven defense evangelist at KnowBe4, explained in a statement. Fujitsu also needs to provide additional details about the breach itself, he said.

"It's especially important to understand how the breach happened," Grimes said. "In order for an impacted customer to regain trust, they need to learn how the attack happened and what steps Fujitsu were taking to make sure it did not happen again (at least using the same attacker methods)."

Fujitsu's Cyber Posture Typical Among Enterprises

This incident highlights the need for enterprises to engage in more proactive cybersecurity strategies, Darren Williams, CEO and founder of BlackFog, said in response to the Fujitsu data leak.

"The reliance on defensive strategies is no longer sufficient and all organizations must refocus on data security," Williams explained in a statement. "As we have seen countless times, cybercriminals will always find a way in, and once they have your data, there is no limit to what they can do to leverage it."

Colin Little, security engineer at Centripetal, sees organizations like Fujitsu far too often learning after the fact that their data has been exposed. He added it can be a very emotional experience for enterprise cybersecurity teams.

"I reassure them, saying that this is an all-too-common finding in the world we live in today; that they are, by and large, not alone," Little said. "This current event is case-in-point: If a global company with as much money and human resources is having the same struggle as the rest of us to limit the depth and damage of intrusions, a different approach is required to be proactive against today's cyber threat."