Toyota claims stolen customer data exposed on hacking site came from third-party supplier

Data about Toyota Motor Corp. customers has been shared online in a new incident involving the Japanese automaker and a data breach, but contrary to reports, Toyota claims the data came from a third-party supplier and was not directly compromised.

The latest Toyota-related data breach came to light when a threat actor calling himself ZeroSevenGroup shared 240GB of data allegedly stolen from Toyota on the notorious hacking site BreachForums. The threat actor claims to have infiltrated Toyota’s US subsidiaries and stolen employee and customer data, contract and financial information, and network infrastructure information including credentials.

“We hacked the US branch of one of the biggest car manufacturers in the world (TOYOTA). We are very happy to share our files here for free. Data size: 240 GB,” ZeroSevenGroup wrote. “Contents: Everything including contacts, finances, customers, schemes, employees, photos, DBs, network infrastructure, emails and lots of complete data. We also provide AD-Recon of all target networks with passwords.”

Bleeping Computer says the stolen files were stolen, or at least created, on December 25, 2022, indicating the date when the threat actors may have accessed the backup servers where the data is stored.

There have been reports that the Zero Seven Group hacked Toyota, but Toyota itself has denied the hack. A Toyota spokesperson told multiple media outlets that “Toyota Motor North America was not the target of this activity.” “Contrary to reports, our systems were not compromised or accessed unauthorizedly,” the spokesperson said, adding that the hacked data “appears to be related to a third party entity misrepresented as Toyota.”

Toyota has not disclosed who the third party is, and has not denied that the data relates to its customers.

It’s fair to give Toyota the benefit of the doubt here, but given the company’s long history of data breaches, it’s probably understandable to conclude that Toyota may have been hacked directly.

In addition to the German branch of Toyota’s financial services division being hacked late last year, previous Toyota-related data breaches include a security researcher revealing that he had accessed Toyota’s global supplier readiness information management system in February 2023, the data of 300,000 customers potentially being stolen after Toyota left access keys on GitHub in October 2022, and data also being stolen from Denso, a Japan-based global automaker that is 25% owned by Toyota, in the same month.

In March 2022, Toyota was forced to suspend production at all of its factories in Japan following a cyberattack on Kojima Press Industries, and in 2019, Toyota Motor Corp.’s North American branch was hacked, affecting 3.1 million customers.

Commenting on the news, Dr. Howard Goodman, technical director at enterprise cybersecurity solutions provider Skybox Security Inc., told SiliconANGLE, “The latest Toyota-related breach, allegedly perpetrated by ZeroSevenGroup, highlights the growing sophistication of threat actors exploiting vulnerabilities within critical infrastructure.”

“This breach is a stark reminder that traditional cybersecurity measures alone are no longer enough,” Goodman added. “Organizations must adopt a comprehensive, multi-layered cybersecurity strategy that incorporates cyber threat exposure management and attack vector analysis to proactively identify and mitigate potential threats before they are exploited.”

Image: SiliconANGLE/Ideogram