Toyota has confirmed that customer data was exposed in a third-party data breach after a threat actor leaked an archive of 240GB of stolen data on a hacking forum.
The threat actor, known as ZeroSevenGroup, claims to have breached a U.S. branch of Toyota and stolen 240GB of files containing information on Toyota employees and customers, as well as contracts and financial information. They also claim to have collected network infrastructure information, including credentials, using the open-source ADRecon tool.
“We have hacked a branch in United States to one of the biggest automotive manufacturer in the world (TOYOTA). We are really glad to share the files with you here for free. The data size: 240 GB,” the threat actor claims.
“Contents: Everything like Contacts, Finance, Customers, Schemes, Employees, Photos, DBs, Network infrastructure, Emails, and a lot of perfect data. We also offer you AD-Recon for all the target network with passwords.”
Toyota initially stated that the issue was “limited in scope” and “not a system-wide issue,” but later clarified that Toyota Motor North America’s systems were “not breached or compromised.” The company attributed the data breach to a third-party entity that was “misrepresented as Toyota.”
Toyota has not disclosed the name of the breached third-party entity, citing confidentiality concerns.
The stolen data appears to have been accessed on December 25, 2022, suggesting that the threat actor may have gained access to a backup server where the data was stored.
This incident follows a series of data breaches that have impacted Toyota in recent years:
- In December 2022, Toyota Financial Services (TFS) warned customers that their sensitive personal and financial data was exposed in a ransomware attack that impacted the Japanese automaker’s European and African divisions. The attack was attributed to the Medusa ransomware group.
- In May 2023, Toyota disclosed another data breach, revealing that the car-location information of 2,150,000 customers was exposed for ten years due to a database misconfiguration in the company’s cloud environment.
- Weeks later, Toyota found two additional misconfigured cloud services leaking customer personal information for over seven years.
- In 2019, multiple Toyota and Lexus sales subsidiaries were breached, resulting in the theft and leak of up to 3.1 million items of customer information.
Following these incidents, Toyota implemented an automated system to monitor cloud configurations and database settings in all its environments to prevent future data leaks.
Toyota has not confirmed the specific data that was stolen in this latest breach. However, the threat actor’s claims suggest that a significant amount of sensitive information may have been compromised.
Toyota has stated that it is “engaged with those who are impacted and will provide assistance if needed.” The company has not provided further details on its response to the breach.
This incident is a reminder that even large and well-established companies like Toyota are vulnerable to cyberattacks. It is crucial for businesses to take proactive steps to protect their data and systems from these threats.