Fujitsu operates a cloud called "FENICS" and in February 2023
admitted that in December 2022 it had detected network misconfigurations that allowed unauthorized remote access to the service.
Last Friday the Ministry of Internal Affairs and Communications
detailed earlier breaches on mail servers that led to data leaks in May and June 2022. As FENICS is mostly used by government and large corporate clients, news of the security SNAFU is most unwelcome. After announcing the network issues at FENICS, Fujitsu ate crow and promised to do better. But last Friday the Ministry of Internal Affairs and Communications took the rare step of issuing a
public rebuke in which it called on the Japanese tech icon to do better in future, to give a full accounting of the FENICS breaches and remediation, and for management to step up and make infosec a priority.
The reprimand comes after Fujitsu
took down a system for issuing official documents ordered using Japan's My Number ID card, and after other high profile messes such as the
supply chain attack on its ProjectWEB service and coverup of issues in the
Horizon application deployed to the UK Post Office.
www.theregister.com
