Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Toyota confirms data breach as threat actors claim 240GB exfiltrated and published

Toyota has confirmed that a cyber attack has occurred on its systems after threat actors claimed to have breached the company’s network and stolen 240 gigabytes of data.

user icon Daniel Croft
Tue, 20 Aug 2024
Toyota confirms data breach as threat actors claim 240GB exfiltrated and published
expand image

In a post on infamous hacking forum BreachForums, a threat actor by the name of ZeroSevenGroup claimed to have breached a US Toyota branch and exfiltrated data.

“We have hacked a branch in United State[s] to one of the biggest automotive manufacturer in the world ( TOYOTA ),” the threat actor said.

“We are really glad to share the files with you here for free.

============
============

“Contents: Everything like Contacts, Finance, Customers, Schemes, Employees, Photos, DBs, Network infrastructure, Emails, and a lot of perfect data.”

As previously stated, ZeroSevenGroup provided access to the stolen data free of charge through three download links.

The file tree suggests that data was ripped from the branch’s intranet or a range of company machines, with folders listing the names of individuals and those with administrator accounts.

While it is unclear how long the threat actor was on the Toyota branch’s network, the files are dated 25 December 2022, suggesting the data is almost two years old. This could have been stored on a legacy server, explaining the lack of more modern data.

Speaking with BleepingComputer, Toyota confirmed the incident.

“We are aware of the situation. The issue is limited in scope and is not a system-wide issue,” said Toyota, adding that it was “engaged with those who are impacted and will provide assistance if needed”, but it has yet to provide information on when it discovered the breach, how the attacker gained access, and how many people had their data exposed in the incident.”

However, when Cyber Daily contacted Toyota North America about the issue, the team that was contacted said it was unaware of the incident at the time.

This is likely an indication that communications within Toyota, being one of the largest car manufacturers in the world, have not yet trickled down to all teams.

The past few years have seen Toyota affected by a number of data breaches. In November last year, the Medusa ransomware gang claimed an attack on Toyota Financial Services in Germany, posting screenshots of several documents to prove the hack is real, alongside a file tree of all the exfiltrated data.

In May of the same year, the company revealed that a data breach led to the car-location data of 2.15 million customers being exposed, spanning almost 10 years, starting 6 November 2013 to 17 April 2023.

“It was discovered that part of the data that Toyota Motor Corporation entrusted to Toyota Connected Corporation (hereinafter referred to as TC) to manage had been made public due to misconfiguration of the cloud environment,” said the Toyota release on the matter, translated from Japanese.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.