Toyota

Toyota Financial Services (TFS) is warning customers it suffered a data breach, stating that sensitive personal and financial data was exposed in the attack.

Toyota Financial Services, a subsidiary of Toyota Motor Corporation, is a global entity with a presence in 90% of the markets where Toyota sells its cars, providing auto financing to its customers.

Last month, the company confirmed that it detected unauthorized access on some of its systems in Europe and Africa, following a claim from Medusa ransomware about successfully compromising the Japanese automaker’s division.

The threat actors demanded a payment of $8,000,000 to delete the stolen data and gave Toyota 10 days to respond to their blackmail.

At the time, a Toyota spokesperson told BleepingComputer that the company had detected unauthorized access on some of its systems in Europe and Africa. The company took certain systems offline to contain the breach, which impacted customer services.

Presumably, Toyota has not negotiated a ransom payment with the cybercriminals, and currently, all data has been leaked on Medusa’s extortion portal on the dark web.

Stolen data available for download via Medusa's extortion portal
Stolen data available for download via Medusa’s extortion portal (BleepingComputer)

Earlier this month, Toyota Kreditbank GmbH in Germany was identified as one of the impacted divisions, admitting that hackers gained access to customers’ personal data.

German news outlet Heise received a sample of the notices sent by Toyota to German customers, informing that the following data has been compromised:

  • Full name
  • Residence address
  • Contract information
  • Lease-purchase details
  • IBAN (International Bank Account Number)

This type of data can be used in phishing, social engineering, scams, financial fraud, and even identity theft attempts.

Notice sent to impacted customers
Notice sent to impacted customers (Heise)

The notification verifies the above data as compromised based on the ongoing investigation. However, the internal investigation isn’t complete yet, and there remains a possibility that attackers accessed additional information.

Toyota promises to promptly update affected customers should the internal investigation reveal further data exposure.

BleepingComputer has contacted Toyota for additional information, like the exact number of exposed customers, but we have not heard back by publication time.

Source: www.bleepingcomputer.com