Fujitsu confirms stolen data not connected to cyberattack on its systems

Fujitsu has finished an investigation into the data and said it is related to a customer they do business with.
Written by Jonathan Greig, Contributor

Fujitsu has confirmed that data being marketed by cybercriminals is not related to any cyberattack on its systems.

Criminal marketplace Marketo claimed to have 4GB of data from Fujitsu last month and began marketing it widely.

At the time, Fujitsu said it was investigating a potential breach and told ZDNet that "details of the source of this information, including whether it comes from our systems or environment, are unknown." 

Marketo claimed to have confidential customer information, company data, budget data, reports and other company documents, including project information.

But now, both sides have confirmed that the data stolen is not connected to Fujitsu and is instead related to one of the company's partners in Japan.

Fujitsu spokesperson Andrew Kane sent an update to ZDNet confirming that an investigation revealed the stolen data was not from their systems. He noted that even Marketo has since changed how they are marketing the stolen data. 

"While Fujitsu is aware that Marketo claims that it has uploaded data pertaining to the commercial relationship between Fujitsu and a customer in Japan, we have conducted a thorough review of this incident, and to date, there are no indications that this data comes from Fujitsu systems or environments," Kane said. 

"As for the authenticity and origins of the data, we're not in a position to speculate and will refrain from further comment for the time being."

Marketo has also changed its tune, now writing that the stolen data is entirely from Japanese manufacturing giant Toray Industries. Toray Industries did not respond to requests for comment. 

In August, Ivan Righi, a cyber threat intelligence analyst with Digital Shadows, said that the 24.5MB 'evidence package' initially provided on Marketo had screenshots of data relating to Toray. But many thought the data came from Fujitsu and not Toray Industries. 

Marketo is still using the Fujitsu logo to market the stolen data but has changed the description under the photo to focus on Toray Industries.

While security experts have previously said the data on Marketo is generally accurate, the changes and revelations are yet another example of how unreliable criminal marketplaces like Marketo can be. 

Editorial standards