Toyota suffers second data breach in five weeks

It's been a rough 2019 for the car giant, with its Australia branch recently coming under attack

Shot of Toyota logo at a headquarters

Japanese car manufacturer Toyota has suffered a second data breach in the space of five weeks, leading to the data of 3.1m customers being accessed through a malicious attack.

Toyota said that hackers breached its IT systems and gained access to information belonging to several of its sales subsidiaries.

"We take this situation seriously, and will thoroughly implement information security measures at dealers and the entire Toyota Group," said the company.

The nature of the stolen information is yet to be disclosed but Toyota assured its customers, along with Lexus car owners who are also affected, that customer financial information was not part of the breached data set.

Toyota has also not confirmed whether data on the hacked server has been exfiltrated by the hackers but the company has launched an investigation into the incident.

The nature of the data is still not entirely certain, but experts said that because the data relates to the company's sales arms, the data contained by these subsidiaries could lead to more targeted attacks on customers if the data was exfiltrated at all.

"Current and former owners of Toyota vehicles should be concerned about this breach," said Tim Mackey, senior technical evangelist at Synopsys. "With attackers potentially gaining access to sales records, that data provides a perfect profile from which to build a spear phishing attack."

"Moving forward, Toyota customers receiving any communication purporting to be from Toyota should take extra measures to confirm its legitimacy," he added.

"The ability to forensically analyze a data breach is equally as important as preventing it in the first place," said Simon Whitburn, global SVP of cyber security services at Nominet, in a statement sent to IT Pro

"With so much at risk for customers, businesses cannot afford to play a guessing game about whether data was stolen. Monitoring data patterns at a DNS level is a good place to start, as packets could be analyzed and tracked from source to whatever server they were exfiltrated to." 

In late February 2019, Toyota Australia was hit by an "attempted cyber attack", according to a brief company announcement.

At the time, the company believed that no private employee or customer data was acquired through the attack and that the company's own IT department was managing the situation.

Following the news, analysts attributed the initial attack on Toyota to a group labelled 'APT32' or 'OceanLotus Group', a Vietnamese hacking outfit believed to be targeting the auto industry specifically. It's unknown whether the same group could be behind the most recent attack on the car manufacturer.

Featured Resources

Next-generation time series: Forecasting for the real world, not the ideal world

Solve time series problems with AI

Free download

The future of productivity

Driving your business forward with Microsoft Office 365

Free download

How to plan for endpoint security against ever-evolving cyber threats

Safeguard your devices, data, and reputation

Free download

A quantitative comparison of UPS monitoring and servicing approaches across edge environments

Effective UPS fleet management

Free download

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Royal Mint to recover gold from smartphones and laptops in world first
Technology

Royal Mint to recover gold from smartphones and laptops in world first

21 Oct 2021