It was found that there was an unauthorized access to Fujitsu's information sharing software, which is widely used by government offices and companies, and that the Ministry of Land, Infrastructure, Transport and Tourism and the Cabinet Secretariat, which use this software, also leaked information.

At least 76,000 e-mail addresses such as staff have been confirmed by the Ministry of Land, Infrastructure, Transport and Tourism, and data leaks related to system equipment of the Cyber ​​Security Center have been confirmed by the Cabinet Secretariat, and Fujitsu has stopped operating the software and is investigating the impact.

The software for sharing project information called "Project WEB" developed by Fujitsu is widely used by government offices and companies, but it has been accessed illegally and information on aircraft operation management at Narita Airport using this software. It was revealed on the 20th of this month by the announcement of the Narita Airport Company that such items were stolen.



On the 26th, the Ministry of Land, Infrastructure, Transport and Tourism

confirmed that


at least 76,000 e-mail addresses and


information on the e-mail system and Internet settings in the ministry were leaked. I made it clear.



In addition, it was confirmed that the Cabinet Cyber ​​Security Center of the Cabinet Secretariat also leaked data indicating what kind of equipment the information system in the center is composed of due to unauthorized access to this software.



The Cabinet Cyber ​​Security Center says, "We have taken measures to prevent attacks based on the leaked information, but we would like to continue to strengthen our vigilance."



Fujitsu was investigating the extent of the impact after suspending the operation of this software, and said that unauthorized access and information leakage were confirmed by multiple organizations including central ministries and agencies. We will continue to consult with you and make every effort to support the victims. "

Ministry of Foreign Affairs also announces outflow

The Ministry of Foreign Affairs announced that the materials provided to Fujitsu had been leaked to the outside.



According to the Ministry of Foreign Affairs, the leaked material was a study material for the realization of digital-related policies promoted by the Ministry of Foreign Affairs, and since some of the information contained personally identifiable information, the facts were notified to the relevant person. about it.



However, the impact on the system and operations of the Ministry of Foreign Affairs has not been confirmed, and the Ministry of Foreign Affairs has requested Fujitsu to investigate the cause and prevent recurrence.

Data sharing software in question Can be accessed from outside

Fujitsu's software "Project WEB", which was illegally accessed this time, is a system engineer involved in the construction and operation of business systems commissioned by Fujitsu at government agencies, companies, and research institutes. It is also used by programmers of partner companies to share data.



It may also be used by the person in charge of the outsourcing organization to check the progress.



The data is stored in Fujitsu's data center, can be accessed from the outside using the Internet, and is not bound by the framework of the organization, and it is a feature that related parties can share the data, and the data to be stored varies depending on the organization. However, it does mean that data that is essential for system operation may be stored.



According to Fujitsu, as of 2009, the software was used in 3000 places such as government agencies and companies, but the current number of customers is not disclosed.

Expert "Prompt information sharing and coping"

Professor Hiroki Takakura of the National Institute of Informatics, who is familiar with information systems and security, said that this time, a series of unauthorized access was made at central ministries and airports. It is terrifying that it has caused damage to various organizations, and it should be taken seriously that it was aimed at a place to store important information related to the operation of the system of the central government agency. "



The leaked information also includes data such as the devices that make up important systems in the organization. "This information is a material for attackers to consider where and how to attack. Well, I'm afraid that it will lead to the next cyber attack. "



Regarding Fujitsu, which was developing and operating the software this time, he said, "We should take measures such as detailed access control and detection of taking out more data than necessary so that important data cannot be collected in its entirety." He added, "This time, it was first revealed that there was unauthorized access at Narita Airport, and then information sharing may have been slow. New attacks even at the stage where the extent and cause of the damage are unknown. Information should be released promptly so that the target organization can take action so that it will not be invited, and the content and cause of the leaked information should be disclosed firmly in the future. "



On the other hand, regarding organizations such as central ministries and agencies that outsource the system to Fujitsu, "We do not leave safety management to the contractor, but grasp in advance what kind of information is shared by our own organization and what is the worst if leaked. However, in the event of an attack, it is necessary to devise a countermeasure to keep the work going, while minimizing the damage. "



On top of that, "In Japan, when an IT system is in trouble, it is often the case that the outsourcer's organization blames the outsourcer and imposes responsibility, but it is common to deal with sophisticated attacks. It is important to maintain close communication and facilitate information sharing. "