According to Fujitsu’s official statement, the data being sold by Marketo, a criminal marketplace, is not from the company’s systems.
As we wrote last week, TechRadar reported that Marketo claimed to have 4GB worth of Fujitsu data. The forum posted this batch of data back in August and marketed it since then.
Fujitsu, while investigating the potential breach issue, said that it did not find who was behind the breach. However, Marketo claims that it has customer information, company data, budget information, and other crucial documents, such as project information.
On 10th September, Fujitsu and Marketo confirmed that the former is not the victim of this stolen data. Instead, the breached information has links to one of Fujitsu’s affiliates.
Fujitsu’s spokesperson, Andrew Kane, said after this information was revealed, Marketo altered its description of this breached data. He also mentioned that while the company knows that Marketo said it uploaded data to Fujitsu’s connections with a Japanese client, they conducted an investigation nonetheless and confirmed there is no proof that this data was from the Fujitsu systems.
According to ZDNet, Marketo currently says that the stolen data was from Toray Industries, a Japanese manufacturing company.
Ivan Righi, a cyber threat intelligence analyst, said that the 24.5M evidence package from August on Marketo contained data from Toray Industries. The screenshot showed relations to the Japanese company, but the public misunderstood it to be from Fujitsu.
Marketo, however, is still marketing the data with Fujitsu’s logo on the dark web platform. It has only changed the data’s description to emphasize Toray Industries.