Update Regarding Unauthorized Access to Project Information Sharing Tools

Fujitsu Limited

Tokyo, September 24, 2021

As previously announced, Fujitsu has established a company-wide organization under the direct supervision of the CEO to review the unauthorized access to Fujitsu’s project information sharing tool "ProjectWEB”, and continues to take all appropriate actions to report individually to customers and related parties and to implement follow up measures as necessary. Furthermore, in light of the seriousness of the situation, Fujitsu has additionally been in consultations with the relevant authorities and proceeding with verification work from an objective point of view by establishing a committee comprised of external experts to examine the cause of this incident and the Company's response.

To further restore trust as soon as possible, Fujitsu will take the additional action of appointing a dedicated CISO as of October 1, 2021, strengthening efforts to prevent a recurrence under a new information security organization, including the way information is managed.

Fujitsu would like to again express its sincere regret for the inconvenience and concern caused to all those impacted by this matter.

Specific measures being taken in light of this incident are as follows:

1．Strengthening Information Security Organization

1. Appointment of dedicated CISO and Deputy CISO
   

   • As of October 1, Mr. Masahiro Ota will be appointed as CISO, and Mr. Toru Hanayama will be appointed as Deputy CISO.
   • Implementation of measures that take into account the specialized nature and uniqueness of information security risk management, as well as the actual situation at the workplace.
2. New Information Security Management and Operation Framework
   

   • Strengthening the leadership of relevant divisions within the company through the CISO and restructure the framework for overall management of information management.
   • Reallocation of the resources that lead each department regarding information security to an organization under the direct control of CISO.
   • Improvement of CISO-centric emergency call-up schemes for senior management and response personnel to improve initial response speed in large-scale security incidents.
   • Strengthening the CISO organization to centrally manage internal security systems, including cooperation with related external organizations and authorities.

2. Measures to Prevent Recurrence and Take Further Security Measures

• In parallel with the verification work of the external committee, CISO-led efforts were made to strengthen measures to prevent unauthorized access to information sharing tools and strengthen operational information management in response to potential information security risks.
• Further improvement of security measures, including the creation of information systems that do not rely on human resources, such as the automation of operation monitoring.