Fujitsu ProjectWEB Breach — Japanese Government Agencies, 76,000 Email Addresses, Narita Airport Data
Incident Details
In May 2021, multiple Japanese government agencies disclosed that sensitive data had been exfiltrated via Fujitsu’s ProjectWEB platform, an enterprise project information-sharing and collaboration tool used by Fujitsu to deliver IT services to government clients. Fujitsu’s subsequent investigation, completed by December 2021, confirmed that the attackers had obtained legitimate user credentials for ProjectWEB accounts and used those stolen credentials to gain unauthorized access to client project workspaces — avoiding typical intrusion detection by appearing as authenticated users.
Affected organizations included the Cabinet Secretariat (Japan’s central executive coordination office), the Ministry of Land, Infrastructure, Transport and Tourism (MLIT), the Cabinet Cyber Security Center (NISC), and Narita International Airport. The exfiltrated data included at least 76,000 email addresses, along with email system configuration settings. From Narita Airport’s workspace, attackers accessed and stole flight schedule data, air traffic control coordination data, and business operations records. Study materials and internal documents from Japan’s Ministry of Foreign Affairs were also reported as exposed.
Fujitsu’s official response was to suspend and then permanently discontinue the ProjectWEB platform, citing the need to rebuild the service from the ground up using a Zero Trust architecture. The company stated it was developing and migrating customers to a replacement collaboration tool built on Zero Trust principles.
The incident highlighted the systemic risk of shared multi-tenant SaaS collaboration tools used by IT service providers: a single credential compromise at the provider level yielded access to data across multiple government client tenancies simultaneously. The exact method of initial credential theft — whether phishing, credential stuffing, or an earlier unrelated compromise — was not publicly confirmed by Fujitsu. Attribution of the attack was not publicly made by Japanese authorities.
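Because the intruders appeared as authenticated users, detection has to come from how an account behaves rather than from whether its login succeeded. The following is an added example, not Fujitsu's or the original page's code: it flags accounts that, in a review window, open client workspaces they never touched during a baseline period. The log format, account names, workspace names, IP addresses and threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample access log (not real ProjectWEB data).
# Assumed fields: timestamp, account, client workspace, source IP.
LOG = """\
2021-04-12T09:02:11 eng-a client-1 10.1.4.20
2021-04-13T10:15:42 eng-a client-1 10.1.4.20
2021-04-14T11:30:05 eng-b client-2 10.1.7.31
2021-04-20T09:45:00 eng-b client-3 10.1.7.31
2021-05-03T02:11:09 eng-a client-1 203.0.113.50
2021-05-03T02:13:40 eng-a client-2 203.0.113.50
2021-05-03T02:16:02 eng-a client-3 203.0.113.50
2021-05-03T02:19:27 eng-a client-4 203.0.113.50
2021-05-04T10:05:13 eng-b client-2 10.1.7.31
"""
CUTOFF = datetime(2021, 5, 1)  # constructed split: baseline before, review after

def parse(text):
    """Yield (timestamp, account, workspace, source_ip) per non-empty line."""
    for line in text.splitlines():
        if line.strip():
            ts, account, workspace, ip = line.split()
            yield datetime.fromisoformat(ts), account, workspace, ip

def cross_tenant_alerts(text, cutoff, max_new_workspaces=1):
    """Flag accounts that, after cutoff, open more than max_new_workspaces
    client workspaces they never touched during the baseline period."""
    records = list(parse(text))
    base_ws, base_ip = defaultdict(set), defaultdict(set)
    for ts, account, workspace, ip in records:      # pass 1: baseline
        if ts < cutoff:
            base_ws[account].add(workspace)
            base_ip[account].add(ip)
    new_ws, new_ip = defaultdict(set), defaultdict(set)
    for ts, account, workspace, ip in records:      # pass 2: review window
        if ts >= cutoff:
            if workspace not in base_ws[account]:
                new_ws[account].add(workspace)
            if ip not in base_ip[account]:
                new_ip[account].add(ip)
    return [
        {"account": a, "new_workspaces": sorted(ws),
         "new_source_ips": sorted(new_ip[a])}
        for a, ws in sorted(new_ws.items())
        if len(ws) > max_new_workspaces
    ]

if __name__ == "__main__":
    for alert in cross_tenant_alerts(LOG, CUTOFF):
        print(alert)
```

An account with no baseline history is treated as having every workspace new, so newly provisioned accounts that fan out across clients are flagged as well.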
Technical Details
- Initial Attack Vector
- Stolen/compromised user account credentials for Fujitsu's ProjectWEB collaboration platform, enabling unauthorized access to client project workspaces
- Vendor / Product
- Fujitsu ProjectWEB
- Software Package
- ProjectWEB
- Supply Chain Attack
- ✅ Confirmed third-party / vendor compromise
Timeline
- 2021-05-01 Breach occurred
- 2021-05-26 Publicly disclosed
- 2021-05-26 Customers notified