Fujitsu confirmed that data being sold by cybercriminals is not related to any breaches or attacks on its systems. Last month, a claim appeared on Marketo (the criminal marketplace) selling 4GB of data from Fujitsu, which was marketed widely.
At the time, Fujitsu said it was investigating a potential breach. Speaking to ZDNet, the company said that the details of the source of the information, including whether it originated from Fujitsu systems or environments, were a mystery.
Marketo claimed it had confidential customer information, budget data, company data, and other documents, including project information.
It takes a turn
Both sides of this story confirmed that the data stolen is not connected to Fujitsu but was removed from one of the company’s partners in Japan.
Fujitsu spokesperson Andrew Kane got in touch with ZDNet to confirm the investigation shows the data stolen was not from the company’s systems. Kane noted that even Marketo has changed how they are marketing the stolen data.
Fujitsu is aware that Marketo claims it had uploaded data related to the commercial relationship between a customer in Japan and the company. The confirmation says that Fujitsu was not breached to obtain the data.
Pointing the finger at Toray
Marketo changed its claim saying that the stolen data is from Toray Industries, a Japanese manufacturing giant. The company did not respond to requests for comment.
Ivan Righi, a cyber threat intelligence with Digital Shadows, said in August that the 24.5MB evidence package provided by Marketo had screenshots of Toray data. However, many thought that the data was from Fujitsu and not Toray.
Marketo is still using the Fujitsu logo (clickbait?) to market the stolen data but has changed the description under the photo to be more Toray Industries-oriented. A case like this only goes to show how unreliable a marketplace like Marketo can be.