Data breaches at Toyota: the company once again warns customers of a breach

• Toyota faced a series of significant data breaches in 2023.
• Toyota’s 2023 cybersecurity crisis: Medusa attack and data compromise.
• Toyota’s decade-long battle against data breaches highlights global data protection challenges.

Data security has become paramount in a world increasingly reliant on digital technologies. Toyota, a global leader in the automotive industry, has recently faced a series of significant data breaches, raising concerns about the safety of customer information. These incidents at Toyota Financial Services (TFS) and other divisions have exposed millions of customers’ sensitive personal and financial details, highlighting the vulnerabilities even large corporations face in the digital age.

Toyota Financial Services, a division of Toyota Motor Corporation, operates in almost all markets where Toyota vehicles are sold, offering automotive financing services.

The company issued a statement on its website: “Due to an attack on the systems, unauthorized persons gained access to personal data. Affected customers have now been informed. Toyota Kreditbank’s systems have been gradually restarted since December 1st.”

Immediate response and advisories

Toyota Financial Services advised its German customers to remain alert, contact their banks for added security measures, monitor unusual activities, and check their credit status with Schufa. The company has also reported the breach to North Rhine-Westphalia’s data protection officer.

Previously, Toyota acknowledged unauthorized access to some of its European and African systems, following claims by the Medusa ransomware group that it had compromised the automaker’s division.

Medusa, also known as MedusaLocker, has claimed responsibility for the breach and listed Toyota Financial Services on its Tor-based leak site, threatening to release the stolen data unless a US$8 million ransom is paid within ten days. Evidence, including screenshots and a file directory made public by the attackers, indicates that the data was extracted from Toyota Financial Services’ systems in Germany.

SecurityWeek reported that the hackers’ published screenshots reveal various corporate documents, spreadsheets with personal data, and copied passports. Cybersecurity expert Kevin Beaumont suggested that the Medusa group might have exploited the Citrix NetScaler vulnerability, CVE-2023-4966 or CitrixBleed, to infiltrate the company.

Beaumont noted that Toyota Financial Services had an exposed Citrix Gateway system in Germany, potentially vulnerable to CitrixBleed attacks. This vulnerability has been widely exploited in ransomware attacks, including by the LockBit group against government, legal, and banking institutions. LockBit also claimed responsibility for a recent attack on China’s largest bank – which had an exposed Citrix system.

Beaumont also identified vulnerable, internet-exposed Citrix devices belonging to Boeing and Australian shipping firm DP World, which were recently targeted. It appears Toyota has not engaged in ransom negotiations with the attackers, and as a result, all the compromised data is now available on Medusa’s dark web extortion portal. Toyota Kreditbank GmbH in Germany has acknowledged the breach, admitting that hackers have accessed customer data.

Heise obtained a sample of Toyota’s communications to German customers, confirming that names, addresses, contact information, lease-purchase details, and IBAN numbers were among the compromised data, which could be exploited for phishing, scams, and identity theft.

The notification confirms the compromised data, but Toyota’s internal investigation is ongoing, and additional data breaches may yet be uncovered. Toyota has commited to keeping affected customers informed about any further data exposure discovered during the ongoing investigation – arguably, the very least its customers should be able to expect.

Toyota’s historical data breaches

In May of this year, Toyota disclosed a significant data breach, revealing that over two million customer records had been exposed online for the past ten years. This revelation followed the detection of a data leak involving the details of 260,000 car owners.

In a recent statement, Toyota acknowledged an additional set of data that was inadvertently made available externally due to a misconfiguration in Toyota’s connected cloud service. This service provides various internet services in the company’s vehicles, including vehicle information, in-car entertainment, and emergency support in case of accidents or breakdowns.

The issue came to light during an extensive review of Toyota’s cloud infrastructure, following an earlier admission this month that customer data was publicly accessible online.

The exposed information includes identifiers for in-vehicle devices and mapping data shown on the navigation systems of Toyota customers in Japan. However, this data does not contain specific location details and is insufficient to identify individual customers. The exposure potentially impacts customers who bought Toyota vehicles since December 2007, with the data breach taking place between February 2015 and May 2023. Toyota plans to issue individual apologies to the customers affected by this breach.

Toyota has also confirmed that an unspecified number of customers outside Japan, particularly in Asia and Oceania, also had their personal information exposed between October 2016 and May 2023. The nature of the exposed data varies but may include names, addresses, Toyota-specific customer numbers, and vehicle registration and identification details. The company intends to inform these customers, as per regional legal requirements.

Moving forward: Toyota’s commitment to data protection

In summary, Toyota’s string of data breaches serves as a potent reminder of global companies’ challenges in safeguarding personal information in the digital era. While Toyota is taking steps to address these breaches and inform affected customers, the incidents underscore the ongoing need for robust cybersecurity measures across industries. As Toyota continues its investigation and strengthens its digital defenses, these events highlight the importance of vigilance and proactive strategies in data protection.

---

---

---