Toyota confirms data breach after hacking forum notification
Toyota acknowledges that a hacker was able to infiltrate its systems and exfiltrate company data and customer information.
“We are aware of the situation. The issue is limited in scope and is not a system wide issue,” the car manufacturer says in a statement to BleepingComputer when asked about the incident.
Toyota also mentions it’s in touch with potentially affected customers and will help them if needed. However, at the moment the company refuses to say when the data breach was discovered, how the threat actor was able to gain access to the information, and how many people are affected by the incident.
A hacker who goes by the name ‘ZeroSevenGroup’ claims on a popular hacking forum on the dark web that he stole 240 GB of data from Toyota, including private information of employees and customers, as well as financial information and information about Toyota’s network infrastructure.
“We have hacked a branch in the United States of one of the biggest automotive manufacturers in the world (Toyota). We are really glad to share the files with you here for free. The data size: 240 GB. Contents: everything like contacts, finance, customers, schemes, employees, photos, DBs, network infrastructure, emails, and a lot of perfect data. We also offer you AD-Recon for all the target network with passwords,” the threat actor says in a response.
AD-Recon is an open-source tool designed for extracting large amounts of information from Active Directory environments.
The Japanese automaker has been targeted by hackers numerous times in the past. In December 2023, Toyota Financial Services (TFS) Europe & Africa warned its customers that their personal information may have been exposed because of a ransomware attack performed by Medusa. Corporate documents, passport copies, IDs, emails, hashed passwords, and spreadsheets containing various types of personal information were stolen by the ransomware gang.
In May 2023, Toyota told over 2,150,000 customers that their personal information may have been exposed to hackers. Due to a configuration error in the company’s cloud environment, threat actors were able to view their information without a password for at least ten years.
Weeks later, two more misconfigured cloud services were discovered, exposing personal information of Toyota’s customers for over seven years. To prevent this from happening again, the car manufacturer implemented an automated system to monitor cloud configurations and database settings in all its environments.