Notice Regarding Update on Unauthorized Access to Project Information Sharing Tools

Fujitsu Limited

Tokyo, August 11, 2021

Fujitsu is today offering an update on the findings its investigation and analysis of the unauthorized access to its project information sharing tool "ProjectWEB” (referred to below as “the tool”), which was initially disclosed by the company in May, 2021.

On May 6 of this year, Fujitsu detected possible instances of unauthorized access to projects using the tool and initiated an investigation.

For the subsequent investigation into the scope of the impact and the cause of the unauthorized access, Fujitsu gathered its security specialists and established a company-wide organization under the direct supervision of the CEO. As a result, it was discovered that 129 customers in Japan experienced unauthorized access including viewing or downloads of portions of the information stored by the tool. The data viewed or downloaded in these instances includes information related to customers’ systems (information on types of devices and hardware used in the systems), materials related to project management (organization charts, meeting notes, lists of work items, progress management tables, documents concerning in-house administrative procedures, etc.), as well as additional public information. It has also been confirmed that some of the data included personal information such as the names and e-mail addresses of customers and other parties concerned.

In this case, it has been found that a third party exploited a legitimate ID and password to make unauthorized access to the tool through normal channels of authentication and communication. It is highly possible that the reason why the user was able to log in through normal channels with a proper ID and password is the exploitation of a vulnerability in this tool.

Fujitsu has reported details of the incident to the impacted customers individually and has taken all necessary measures. Fujitsu would again like to take the opportunity to express its sincere regret to all those involved for the great concern and inconvenience caused.

Fujitsu regards this matter seriously and will continue to do its utmost to work together alongside its customers as a trusted partner, consulting with the relevant authorities as it aims to swiftly resolve the issue and reestablish customers’ peace of mind. Furthermore, to further action regarding the cause of this incident and the measures taken in response, Fujitsu has established a committee comprised of external experts(*) to conduct verification work from an objective viewpoint. Based on the findings of the committee as well as the results of its own investigation, Fujitsu will take additional measures to prevent a recurrence.

* The committee is comprised of the following external experts