3 min Security

Update: Toyota points to third party in latest data theft case

Update: Toyota points to third party in latest data theft case

Update 21/08/2024 by Martijn van Best – In its latest response, Toyota reveals that the company was not hacked itself. Instead, the company points its finger to an unnamed third party. Despite the ZeroSevenGroup hackers’ claim to have stolen data directly from Toyota’s US branch, the company denies that its own systems were hacked.

However, Toyota does not deny that data from its customers was stolen. Furthermore, the company did not share which third party was involved, although it seems likely that it is a party that stores customer data on behalf of Toyota. Since Toyota has fallen victim to hacking attacks multiple times in the past, the carmaker probably wants to make it clear that this time it is not due to a vulnerability in its own systems.

Original article 20/08/2024 – Japanese automotive group Toyota has confirmed that it was targeted by a hacking attack that captured data. This included data from Toyota employees, contract data, information about network infrastructure, and linked passwords.

The hacking attack on Toyota became public after hackers from the ZeroSevenGroup shared the Japanese concern’s captured data on a hacker forum. According to them, the data was captured after a hack of the concern’s facility in the United States.

The stolen 240 GB of data include contact information, financial data, customer data, employee data, photos, DBs and data on Toyota’s network infrastructure. The hackers also offered data they found using the so-called “AD-Recon tool. This mainly involves login credentials and data from Active Directory environments.

Confirmation of hack attack

Toyota has confirmed the hacking attack with Bleeping Computer. According to the company, the amount of data stolen in the hacking attack is limited in scope and is not a problem in which the company’s entire IT system was affected.

The automotive and tech giant is said to have since notified affected individuals and companies about the attack. Toyota provides no further information on when the leak was discovered, how it occurred, or how many individuals in the data were exposed.

Bleeping Computer’s research indicates that the now-leaked files were stolen on or created on Dec. 25, 2022. This date could mean that the hackers had access to a backup server where this data would have been stored.

Previous Toyota hacks

Toyota has previously been the victim of several hacks. Last December, Toyota Financial Services (TFS) warned customers that sensitive personal and financial data had been exposed in a data breach by a Medusa ransomware attack on the European and African divisions of the company’s auto finance arm.

In 2023, Toyota also disclosed that for a period of ten years, between Nov. 6, 2013 and April 17, 2023, the auto location data of more than 2.1 million customers was accessible due to a misconfiguration in the company’s cloud environment. It was later revealed that two more misconfigured cloud services could leak customer data.

Finally, in 2019, Toyota and Lexus outlets were hacked, stealing data from more than 3.1 million customers.

Also read: Toyota warns that the data of 300,000 customers may have been stolen