Multinational technology giant Fujitsu confirmed a cyberattack in a statement Friday, and warned that hackers may have stolen personal data and customer information.
Fujitsu also did not say what kind of personal information may have been stolen, or who the personal information pertains to — such as its employees, corporate customers, or citizens whose governments use the company’s technologies.
Headquartered in Japan, Fujitsu has about 124,000 employees and serves government and private sector customers globally.
Fujitsu said it reported the incident to Japan’s data protection authority, Personal Information Protection Commission, “in anticipation” that personal information may have been stolen.
The company has not said whether it has filed required data breach notices with any other government or authority, including in the United States.
A lengthy investigation into the European Union’s use of Microsoft 365 has found the Commission breached the bloc’s data protection rules through its use of the cloud-based productivity software.
Announcing its decision in a press release today, the European Data Protection Supervisor (EDPS) said the Commission infringed “several key data protection rules when using Microsoft 365”.
The regulator, which oversees’ EU institutions’ compliance with data protection rules, opened a probe of the Commission’s use of Microsoft 365 and other US cloud services back in May 2021.
Yet use of Microsoft 365 routinely results in data flowing back to Microsoft’s servers in the US.
Over the last few years, Microsoft has responded to amped up EU regulatory risk attached to data transfers by expanding a data localization effort focused on regional cloud customers — in an infrastructure it’s branded the “EU Data Boundary for the Microsoft Cloud”.
Three local councils in the United Kingdom continue to experience disruption to their online services, a week after confirming a cyberattack had knocked some systems offline.
Robert Davis, a spokesperson for Canterbury City Council, told TechCrunch last week that the council’s initial investigation suggests that no customer data was accessed.
However, the U.K.’s Information Commissioner’s Office told TechCrunch on Friday that the data regulator has received a breach report from the three councils.
Thanet District Council spokesperson Clare Winter shared an updated statement with TechCrunch, which has also been published on the council’s website.
“Thanet District Council is currently limiting access to a number of its online systems,” the statement reads.
Hewlett Packard Enterprise said on Wednesday that its cloud-based email system was compromised by Midnight Blizzard, a Russia-linked hacking group that recently broke into Microsoft’s corporate network.
Midnight Blizzard is a notorious hacking group that is widely believed to be sponsored by the Russian government.
HPE said an internal investigation has since determined that the Russia-backed hacking group “accessed and exfiltrated data” from a “small percentage” of HPE mailboxes starting in May 2023.
“The accessed data is limited to information contained in the users’ mailboxes,” Bauer told TechCrunch.
“We don’t have the details of the incident that Microsoft experienced and disclosed last week, so we’re unable to link the two at this time,” Bauer told TechCrunch.
Hewlett Packard Enterprise said on Wednesday that its cloud-based email system was compromised by Midnight Blizzard, a Russia-linked hacking group that recently broke into Microsoft’s corporate network.
Midnight Blizzard is a notorious hacking group that is widely believed to be sponsored by the Russian government.
HPE said an internal investigation has since determined that the Russia-backed hacking group “accessed and exfiltrated data” from a “small percentage” of HPE mailboxes starting in May 2023.
“The accessed data is limited to information contained in the users’ mailboxes,” Bauer told TechCrunch.
“We don’t have the details of the incident that Microsoft experienced and disclosed last week, so we’re unable to link the two at this time,” Bauer told TechCrunch.
Hewlett Packard Enterprise said on Wednesday that its cloud-based email system was compromised by Midnight Blizzard, a Russia-linked hacking group that recently broke into Microsoft’s corporate network.
Midnight Blizzard is a notorious hacking group that is widely believed to be sponsored by the Russian government.
HPE said an internal investigation has since determined that the Russia-backed hacking group “accessed and exfiltrated data” from a “small percentage” of HPE mailboxes starting in May 2023.
“The accessed data is limited to information contained in the users’ mailboxes,” Bauer told TechCrunch.
“We don’t have the details of the incident that Microsoft experienced and disclosed last week, so we’re unable to link the two at this time,” Bauer told TechCrunch.
Hewlett Packard Enterprise said on Wednesday that its cloud-based email system was compromised by Midnight Blizzard, a Russia-linked hacking group that recently broke into Microsoft’s corporate network.
Midnight Blizzard is a notorious hacking group that is widely believed to be sponsored by the Russian government.
HPE said an internal investigation has since determined that the Russia-backed hacking group “accessed and exfiltrated data” from a “small percentage” of HPE mailboxes starting in May 2023.
“The accessed data is limited to information contained in the users’ mailboxes,” Bauer told TechCrunch.
“We don’t have the details of the incident that Microsoft experienced and disclosed last week, so we’re unable to link the two at this time,” Bauer told TechCrunch.
An international law firm that works with companies affected by security incidents has experienced its own cyberattack that exposed the sensitive health information of hundreds of thousands of data breach victims.
San Francisco-based Orrick, Herrington & Sutcliffe said last week that hackers stole the personal information and sensitive health data of more than 637,000 data breach victims from a file share on its network during an intrusion in March 2023.
Orrick also said it notified health insurance company MultiPlan, behavioral health giant Beacon Health Options (now known as Carelon) and the U.S. Small Business Administration that their data was also compromised in Orrick’s data breach.
The data also includes medical treatment and diagnosis information, insurance claims information — such as the date and costs of services — and healthcare insurance numbers and provider details.
The number of individuals known to be affected by this data breach has risen by threefold since Orrick first disclosed the incident.
Here we go again: 2023’s badly handled data breaches Delays, silence and unanswered questions follow these organizations into the new yearLast year, we compiled a list of 2022’s most poorly handled data breaches looking back at the bad behavior of corporate giants when faced with hacks and breaches.
That included everything from downplaying the real-world impact of spills of personal information and failing to answer basic questions.
Samsung won’t say how many customers hit by year-long data breachSamsung has once again made it onto our badly handled breaches list.
Lyca Mobile later admitted a data breach, in which unnamed attackers had accessed “at least some of the personal information held in our system” during the hack.
Data leaked by the gang, and reviewed by TechCrunch, included the personal data of thousands of CommScope employees, including full names, postal addresses, email addresses, personal numbers, Social Security numbers, passport scans and bank account information.
As the SEC’s new data breach disclosure rules take effect, here’s what you need to know The controversial regulation represents a major shake-up for U.S. organizationsStarting from today, December 18, publicly-owned companies operating in the U.S. must comply with a new set of rules requiring them to disclose “material” cyber incidents within 96 hours.
In an 8-K filing, breached organizations must describe the incident’s nature, scope, timing, and material impact, including financial and operational.
In addition to the SEC’s new data breach disclosure rules, the regulator has also added a new line item called Item 106 to the Regulation S-K that will be included on a company’s annual Form 10-K filing.
In a recent interview with TechCrunch, Sullivan said he welcomed the SEC’s data breach reporting rules, saying: “We can nitpick the details as much as we want, but this is the right way to do it,” he said.
Until now, many organizations have taken months to report a breach and only did so after they had completed their investigation.
