Toyota has confirmed a data breach following the exposure of 240GB of sensitive information, leaked by a threat actor on a hacking forum. The leaked archive, shared by the group ZeroSevenGroup, contains extensive details about Toyota employees and customers, including contracts and financial data.
In a statement to BleepingComputer, Toyota acknowledged the situation and said, “We are aware of the situation. The issue is limited in scope and is not a system-wide issue.” Toyota further emphasised that they are engaging with affected parties and providing assistance where necessary. However, they have yet to disclose specifics regarding when the breach was detected, how the attacker gained access, or the exact number of individuals affected.
The company later provided a more detailed update, stating that Toyota Motor North America’s systems were not compromised. Instead, the breach originated from a third-party entity falsely represented as Toyota. When asked to reveal the identity of this third party, Toyota’s spokesperson mentioned that they were “not at liberty to disclose” this information.
ZeroSevenGroup, the group responsible for the leak, claims to have accessed a U.S. branch of Toyota and extracted a substantial 240GB of data. This includes personal information about employees and customers, financial records, and network infrastructure details. They also utilized the open-source ADRecon tool to gather extensive network information, including passwords.
While Toyota has not yet shared the exact date when the breach occurred, BleepingComputer’s investigation suggests that the stolen data may have been archived or created on December 25, 2022. This timeline hints that the attacker might have accessed a backup server where the data was stored.
This breach follows previous incidents involving Toyota’s data security. In December last year, Toyota Financial Services warned of a data breach involving sensitive personal and financial data due to a Medusa ransomware attack affecting the company’s European and African operations. Last year, Toyota also disclosed another breach, revealing that car-location data for 2.15 million customers had been exposed for a decade due to a misconfigured cloud database.