Toyota just experienced three data breaches within five weeks. The first breach hit Toyota’s Australian subsidiary, while the second hit several Toyota and Lexus dealerships in Japan. The third breach hit Toyota Vietnam. Over 3.1 million customers were impacted in the second breach.
The sales subsidiaries hit in the second breach included: Toyota Tokyo Sales Holdings Co., Ltd. Tokyo Tokyo Motor Co., Ltd., Tokyo Toyopet Co., Ltd., Toyota Tokyo Corolla Co., Ltd., Nets Toyota Tokyo Co., Ltd. Further, 5 subsidiaries were also hit. These include Lexus Koishikawa Sales Co., Ltd., Jamil Shoji Co., Ltd. (Lexus Nerima) and Toyota West Tokyo Corolla Co., Ltd
According to Toyota’s press release malicious actors gained unauthorized access to Toyota’s network onto their servers. An ongoing investigation is trying to determine what information was stolen. At this time, Toyota believes credit card information was not taken. However, Toyota is trying to determine if any customer information was leaked.
In a press release they stated:
“We have not confirmed the fact that customer information has been leaked at this time, but we will continue to conduct detailed surveys, placing top priority on customer safety and security.”
They further stated:
“We apologize to everyone who has been using Toyota and Lexus vehicles for the great concern. We take this situation seriously, and will thoroughly implement information security measures at dealers and the entire Toyota Group.”
After announcing the breach in Japan, offices in Vietnam were hit with a data breach. At this time, there are few details known about this attack. Currently there is no known connection with the Australian breach which occurred late February. This attack was far more disruptive and is believed to be a APT32 attack which shutdown sales. Some security experts believe that the Australian attack was a test to get into Toyota’s more secure network in its main offices in Japan. Toyota has not confirmed any theories; however, they do plan to conduct an internal audit of IT systems.
If your organization was hit with a data breach contact LIFARS today