Last year’s hacking incident at Fujitsu – Japan’s largest IT services provider – continues to have widespread repercussions across the country’s corporate sector, renewing concerns that a surge of ransomware attacks may be on its way.
The past month alone saw over 10 Japanese companies reporting that they were affected by the hacking attack at Fujitsu last year, including tech giant Kyocera, clothing maker Goldwin, and real estate developer Sekisui House.
Tokio Marine & Nichido Fire Insurance was likewise among those companies forced to acknowledge to customers last month that it was potentially affected by the Fujitsu leak, sources told the Financial Times. Tokio Marine – a leading underwriter of cyber insurance in Japan – had to write to its corporate clients to discuss the breach and the potential loss of data, the same sources said.
“The response from Tokio Marine is very significant,” a cybersecurity analyst advising one of the companies affected by the Fujitsu hacking incident was quoted as saying. “Clients of insurers share a lot of data that ransomware gangs target, and there will be a lot of concern around what kind of access the hackers got.”
On Dec. 9, Fujitsu received information from the police that triggered an internal investigation into a cyber incident. It turned out that a cyber attack had taken place, allowing external access to communications sent through a Fujitsu-based email system.
Fujitsu supplies internet services and infrastructure to thousands of companies across Japan.
While Fujitsu admitted it was hacked, apologized, and cooperated with police investigation into the cybercrime, it refused to disclose how many of its customers were targeted, the Financial Times reported.
Cybersecurity experts said that the December 2022 attack on Fujitsu checked out with the tactics of professional hacking groups in Russia and Belarus, whose modus targeted Japanese organizations in particular because of their relatively low-level cyber defenses and high willingness to pay ransoms.
New data from IBM Security showed a rise in the cost of ransomware attack-caused data breaches. The global average cost of a data breach was now US$4.35 million in 2022 – the highest the cybersecurity consultant had ever recorded – while the average global cost of a ransomware attack to the company suffering through it was US$4.54 million, excluding payment of the ransom itself.
The December 2022 Fujitsu hacking incident was the second significant cyber attack on the company. In 2021, Fujitsu’s cloud service for government agencies was also hacked, causing a data breach at the foreign ministry and the cabinet office, among other government agencies.