Toyota has admitted its systems were breached. The Japanese automaker confirmed in a statement that approximately 240GB of data posted on a hacking forum by the threat actor ZeroSevenGroup originated from its systems. Toyota did not specify how many customers were affected by the breach, or the extent to which their personal data had been exposed, but alleged that the overall impact of the breach upon its networks was limited.
“We are aware of the situation,” the automaker told BleepingComputer. Toyota went on to confirm that it is “engaged with those who are impacted and will provide assistance if needed.”
Leaked Toyota data reportedly contains personal info
According to ZeroSevenGroup, the 240GB of data stolen by the group originated from a Toyota outlet in the US. The cache, the threat actor claims, contains personal data on the automaker’s customers and staff in addition to financial documentation, email chains and information about the firm’s network infrastructure. According to BleepingComputer, the files appear to have been stolen or created on 25 December 2022.
This is not the first time Toyota has fallen victim to a cyberattack. In November, a breach at its financial services arm exposed millions of customers’ personal details. Affected customers were swiftly informed, said the organisation at the time, while “Toyota Kreditbank’s systems have been gradually restarted since December 1st.” The Medusa ransomware gang claimed that cyberattack before it attempted to ransom the data for $8m. Whether Toyota paid the sum remains unknown.
Major car dealership disruption after cyber incident
This week’s breach at Toyota follows an outage in July at CDK Global, whose software is used by thousands of car dealerships across the US. After detecting unusual activity on its networks, the firm shut down its IT systems twice in quick succession, forcing an estimated 15,000 dealerships offline. The impact on these outlets varied considerably. Some reported being forced to record sales manually, while others said they could not pay their staff.
CDK Global reportedly assured customers that its systems would be back up and running by 4 July. “We are continuing the phased approach to the restoration process,” said the firm, “and are rapidly bringing dealers to live on the core DMS (Dealer Management System).” CDK Global’s systems were eventually restored – a fact that multiple reports attributed to the firm paying a $25m ransom to the alleged perpetrators of the cyberattack.