Fujitsu to discontinue ProjectWEB tool after Japanese govt data breaches

In a statement released on Thursday, Japanese tech giant Fujitsu attributed a Japanese government data breach earlier this year to its ProjectWEB tool.

In May, multiple government agencies — including the Ministry of Land, Infrastructure, Transport, and Tourism; the Cabinet Secretariat; and Narita Airport — were hacked through the software-as-a-service platform.

ZDNet Recommends

Best security key 2021

Best security key 2021

While robust passwords go a long way to securing your valuable online accounts, hardware-based two-factor authentication takes that security to the next level.

Read More

A Fujitsu spokesperson at the time confirmed to ZDNet’s Campbell Kwan that there was “unauthorized access to ProjectWEB, a collaboration and project management software, used for Japanese-based projects.” They suspended use of the tool and informed all impacted customers.

After an investigation, Fujitsu said on Thursday that it appointed a CISO in October and put in place “measures to prevent reoccurrence… under a new information security management and operation framework.”

Fujitsu added that the cause of the incident is still being verified by a committee of internal experts as well as Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC), which will sign off on releasing any more information about the incident.

Fujitsu plans to “introduce a new project information sharing tool that addresses the issues raised by this incident with robust information security measures, including those in line with zero-trust practices, and will be migrating project management tasks to the new tool.”

Japanese news outlets said more than 75,000 emails from the Ministry of Land, Infrastructure, Transport, and Tourism were leaked in the attack in May. Information on business partners, employees, and the inner workings of government cybersecurity services, as well as Narita Airport, were also stolen during the attack.

Today’s news was first reported by Bleeping Computer.

Previous Post
Malicious npm packages are stealing Discord tokens
Next Post
Best online doctorate in organizational leadership 2021: Top picks

Related Posts

No results found.