After 240GB of data was put up for sale on a blogger forum, Toyota, Japan's second-largest automaker, had to admit that its network in the US had been hacked.
A Toyota representative told Bleeping Computer on August 19, "We are aware of the situation. The impact is limited and does not have an impact on the entire system."
The Japanese automaker also said it is working with affected parties and will provide assistance if necessary. However, Toyota did not say when the system was hacked, how the hackers gained access, or how many users had their data exposed in this incident.
Earlier, on August 16, a hacking group calling itself ZeroSevenGroup announced that it had broken into a Toyota branch in the US and stolen 240GB of data containing information about employees, customers, contracts and the company's finances. The group also said it had obtained information about the network infrastructure by using the open source tool ADRecon to extract a large amount of information from the Active Directory environment.
Based on an analysis of the downloaded files, Bleeping Computer found that the files advertised for sale were created from December 25, 2022 onwards. Given this date, the hackers may have accessed a backup server where the data was stored.
In December 2023, Toyota's subsidiary Toyota Financial Services (TFS) also warned customers that "sensitive" personal and financial data had been leaked in a Medusa ransomware attack. TFS said the incident affected its offices in both Europe and Africa.
In May 2023, Toyota also admitted another attack, which leaked vehicle location data of 2,150,000 customers from November 6, 2013 to April 17, 2023. A few weeks later, the company discovered two more misconfigured cloud services that leaked customers' personal information stored for more than seven years.
After a series of cyber attacks and data leaks, Japanese automaker Toyota said it has deployed an automated system to monitor cloud configurations and install a database for all internal computers to prevent similar leaks.