Jump to content
  • Toyota warns customers of data breach exposing personal, financial info


    Karlston

    • 575 views
    • 2 minutes
     Share


    • 575 views
    • 2 minutes

    Toyota Financial Services (TFS) is warning customers it suffered a data breach, stating that sensitive personal and financial data was exposed in the attack.

     

    Toyota Financial Services, a subsidiary of Toyota Motor Corporation, is a global entity with a presence in 90% of the markets where Toyota sells its cars, providing auto financing to its customers.

     

    Last month, the company confirmed that it detected unauthorized access on some of its systems in Europe and Africa, following a claim from Medusa ransomware about successfully compromising the Japanese automaker's division.

     

    The threat actors demanded a payment of $8,000,000 to delete the stolen data and gave Toyota 10 days to respond to their blackmail.

     

    At the time, a Toyota spokesperson told BleepingComputer that the company had detected unauthorized access on some of its systems in Europe and Africa. The company took certain systems offline to contain the breach, which impacted customer services.

     

    Presumably, Toyota has not negotiated a ransom payment with the cybercriminals, and currently, all data has been leaked on Medusa's extortion portal on the dark web.

     

    medusa.png

    Stolen data available for download via Medusa's extortion portal (BleepingComputer)

     

    Earlier this month, Toyota Kreditbank GmbH in Germany was identified as one of the impacted divisions, admitting that hackers gained access to customers' personal data.

     

    German news outlet Heise received a sample of the notices sent by Toyota to German customers, informing that the following data has been compromised:

     

    • Full name
    • Residence address
    • Contract information
    • Lease-purchase details
    • IBAN (International Bank Account Number)

     

    This type of data can be used in phishing, social engineering, scams, financial fraud, and even identity theft attempts.

     

    letter.jpg

    Notice sent to impacted customers (Heise)

     

    The notification verifies the above data as compromised based on the ongoing investigation. However, the internal investigation isn't complete yet, and there remains a possibility that attackers accessed additional information.

     

    Toyota promises to promptly update affected customers should the internal investigation reveal further data exposure.

     

    BleepingComputer has contacted Toyota for additional information, like the exact number of exposed customers, but we have not heard back by publication time.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...