Update Regarding Unauthorized Access to Project Information Sharing Tool
Tokyo, December 9, 2021
Fujitsu today announced its latest findings and countermeasures regarding the unauthorized access to Fujitsu’s "ProjectWEB" tool announced earlier this year.
In response to the issues revealed during Fujitsu’s review into the incident, a dedicated CISO was appointed on October 1st of this year, and measures to prevent recurrence have been formulated under a new information security management and operation framework. Fujitsu Limited will introduce a new project information sharing tool that addresses the issues raised by this incident with robust information security measures, including those in line with zero-trust practices, and will be migrating project management tasks to the new tool. As a result of the review, it was decided to discontinue the use of the existing information sharing tool.
Regarding the incident, Fujitsu conducted a review considering all possibilities, including intrusion by exploiting vulnerabilities and malware infection of the terminals of operation administrators and general users. The internal review, which has already concluded, confirmed several types of potential vulnerabilities that a third party could exploit. One of these was used to illegitimately obtain legitimate IDs and passwords, which were then used to gain unauthorized access to ProjectWEB in such a way that it appeared as though an authorized user was accessing the tool through normal channels of authentication and communication.
At present, the cause of this incident and our company's response are additionally being verified by a committee comprised of external experts. In addition, from an objective and technical perspective, Fujitsu is consulting with the National center of Incident readiness and Strategy for Cybersecurity (NISC) to confirm the appropriateness of the investigation into the cause of this incident and the confirmation of the extent of impact of the incident. Based on the results of the verification by the external committee and advice from Japan’s NISC and other relevant authorities, Fujitsu will summarize this matter at an appropriate time. Fujitsu will additionally respond to any issues pointed out regarding the new tool based on the results of future verification, improving security measures required in response to changes in technology and threat trends.
Fujitsu is the leading Japanese information and communication technology (ICT) company offering a full range of technology products, solutions and services. Approximately 126,000 Fujitsu people support customers in more than 100 countries. We use our experience and the power of ICT to shape the future of society with our customers. Fujitsu Limited (TSE:6702) reported consolidated revenues of 3.6 trillion yen (US$34 billion) for the fiscal year ended March 31, 2021. For more information, please see www.fujitsu.com.
Public and Investor Relations Division
Company: Fujitsu Limited
Date: 9 December, 2021
City: Tokyo, Japan