Islamabad, Aug 21: After a hacker posted an archive with 240 GB of stolen data on a hacking community, Toyota has verified that a third-party data breach exposed customer information.While acknowledging the issue, the corporation made clear that it is a localized problem rather than a systemic one. Toyota said they are in communication with individuals impacted and prepared to help if required. They haven’t yet disclosed the number of people impacted, how the attacker obtained the data, or the date the breach was found.
A spokesman then provided clarification, stating that there was no direct compromise of Toyota Motor North America’s systems. Rather, the information was taken from a third party that was falsely identified as Toyota.
The third-party entity’s name was withheld by the spokeswoman.ZeroSevenGroup reported the breach, claiming to have breached a U.S. branch and taken 240 GB of data, including details on contracts, financial information, personnel and customer information at Toyota, and network infrastructure information. They allegedly gathered this information from Active Directory environments using the ADRecon tool.
The data may have been accessed or produced on December 25, 2022, even though Toyota has not disclosed the exact date of the breach. This could mean that the threat actor was able to access a backup server.
This event comes after a slew of earlier Toyota data breaches. Toyota Financial Services informed clients in December of last year that a Medusa ransomware assault had resulted in a data breach that exposed their financial and personal information. Toyota disclosed another hack earlier in May, this time involving the misconfiguration of a cloud database that left over two million customers’ location data exposed for almost ten years. In response to these events, Toyota put in place an automatic system to keep an eye on and secure cloud setups in order to stop leaks in the future. A hack into several Toyota and Lexus sales divisions occurred in 2019, which led to the loss and theft of up to 3.1 million customer records.