Toyota has confirmed that a cyber attack has occurred on its systems after threat actors claimed to have breached the company’s network and stolen 240 gigabytes of data.
In a post on infamous hacking forum BreachForums, a threat actor by the name of ZeroSevenGroup claimed to have breached a US Toyota branch and exfiltrated data.
“We have hacked a branch in United State[s] to one of the biggest automotive manufacturer in the world ( TOYOTA ),” the threat actor said.
“We are really glad to share the files with you here for free.
“Contents: Everything like Contacts, Finance, Customers, Schemes, Employees, Photos, DBs, Network infrastructure, Emails, and a lot of perfect data.”
As previously stated, ZeroSevenGroup provided access to the stolen data free of charge through three download links.
The file tree suggests that data was ripped from the branch’s intranet or a range of company machines, with folders listing the names of individuals and those with administrator accounts.
While it is unclear how long the threat actor was on the Toyota branch’s network, the files are dated 25 December 2022, suggesting the data is almost two years old. The data could have been stored on a legacy server, which would explain the lack of more recent data.
Speaking with BleepingComputer, Toyota confirmed the incident.
“We are aware of the situation. The issue is limited in scope and is not a system-wide issue,” said Toyota, adding that it was “engaged with those who are impacted and will provide assistance if needed”. However, it has yet to provide information on when it discovered the breach, how the attacker gained access, and how many people had their data exposed in the incident.
However, when Cyber Daily contacted Toyota North America about the issue, the team that was contacted said it was unaware of the incident at the time.
This is likely an indication that communications within Toyota, being one of the largest car manufacturers in the world, have not yet trickled down to all teams.
The past few years have seen Toyota affected by a number of data breaches. In November last year, the Medusa ransomware gang claimed an attack on Toyota Financial Services in Germany, posting screenshots of several documents to prove the hack was real, alongside a file tree of all the exfiltrated data.
In May of the same year, the company revealed that a data breach had exposed the car-location data of 2.15 million customers over almost 10 years, from 6 November 2013 to 17 April 2023.
“It was discovered that part of the data that Toyota Motor Corporation entrusted to Toyota Connected Corporation (hereinafter referred to as TC) to manage had been made public due to misconfiguration of the cloud environment,” said the Toyota release on the matter, translated from Japanese.