AUTONEWS

Toyota Runs Into Another Security Breach With Hackers Leaking 240GB Of Stolen Data

Large-scale data breaches are a dime a dozen nowadays, but that doesn't make them any less serious or consequential. Automaker Toyota faced yet another breach of its network, this time with around 240GB worth of files. The data reportedly includes personal and staff data, financial documentation, emails, and Toyota's network infrastructure, which were stolen by threat actor ZeroSevenGroup. This is the second major attack on Toyota systems in the last year.

The Japanese automaker confirmed that a malicious actor breached its network and leaked 240GB of stolen data on a hacking forum. Toyota said in a statement, "We are aware of the situation. The issue is limited in scope and is not a system wide issue." The company hasn't revealed any further information regarding the matter, such as the number of people whose data was stolen or when or how ZeroSevenGroup hacked its network.

On the other hand, ZeroSevenGroup claims that the data it accessed through a U.S. branch contains information on Toyota employees and customers, contracts, and financial information. Furthermore, the hacker group say that by using the open-source ADRecon tool (that pulls massive amounts of information from Active Directory environments), it was able to steal network infrastructure information as well. When BleepingComputer sieved through the files, it found that the stolen files were dated December 25, 2022, which seems to point to the likelihood that ZeroSevenGroup accessed the data cache through a backup server.

Late last year, we covered how Toyota's Financial Services group had personal details of millions of customers stolen by extortion group Medusa. The group demanded $8 million, which Toyota didn't pay, leading to the data being released into the wild.

Also, last month, CDK Global, the IT service provider for U.S. Toyota auto dealers suffered a cyberattack that disrupted operations for nearly two weeks. The fallout of that attack were varied: some dealerships couldn't pay their employees, while others had to resort to recording sales with the good old paper and pen.

As we mentioned, even though Toyota isn't the only automaker hit by nefarious attacks in the past year, the past 12 months hasn't been kind to the brand beyond the data security realm. It's had to endure production line shut downs, and a recall for over 100,000 Toyota and Lexus vehicles over potential complete engine failure

Mundoquatrorodas