The team logo
Daily Brief Changelog
v0.7

Article Details

Scrape Timestamp (UTC): 2023-12-11 15:34:10.307

Source: https://www.bleepingcomputer.com/news/security/toyota-warns-customers-of-data-breach-exposing-personal-financial-info/

Original Article Text

Click to Toggle View

Toyota warns customers of data breach exposing personal, financial info. Toyota Financial Services (TFS) is warning customers it suffered a data breach, stating that sensitive personal and financial data was exposed in the attack. Toyota Financial Services, a subsidiary of Toyota Motor Corporation, is a global entity with a presence in 90% of the markets where Toyota sells its cars, providing auto financing to its customers. Last month, the company confirmed that it detected unauthorized access on some of its systems in Europe and Africa, following a claim from Medusa ransomware about successfully compromising the Japanese automaker's division. The threat actors demanded a payment of $8,000,000 to delete the stolen data and gave Toyota 10 days to respond to their blackmail. At the time, a Toyota spokesperson told BleepingComputer that the company had detected unauthorized access on some of its systems in Europe and Africa. The company took certain systems offline to contain the breach, which impacted customer services. Presumably, Toyota has not negotiated a ransom payment with the cybercriminals, and currently, all data has been leaked on Medusa's extortion portal on the dark web. Earlier this month, Toyota Kreditbank GmbH in Germany was identified as one of the impacted divisions, admitting that hackers gained access to customers' personal data. German news outlet Heise received a sample of the notices sent by Toyota to German customers, informing that the following data has been compromised: This type of data can be used in phishing, social engineering, scams, financial fraud, and even identity theft attempts. The notification verifies the above data as compromised based on the ongoing investigation. However, the internal investigation isn't complete yet, and there remains a possibility that attackers accessed additional information. Toyota promises to promptly update affected customers should the internal investigation reveal further data exposure. BleepingComputer has contacted Toyota for additional information, like the exact number of exposed customers, but we have not heard back by publication time.

Daily Brief Summary

DATA BREACH // Toyota Financial Services Hit by Data Breach, Customer Info Leaked

Toyota Financial Services experienced a data breach with personal and financial data of customers exposed.

The breach was identified following a ransomware group's claim of compromising Toyota systems in Europe and Africa.

Medusa ransomware demanded an $8 million ransom, threatening to leak data unless paid within ten days.

Toyota Kreditbank GmbH in Germany acknowledged unauthorized access to customer data, with the potential for phishing and identity theft.

Toyota responded to the incident by taking affected systems offline, impacting customer service functionality.

Although the full extent of the breach is not yet known, exposed data includes names, birth dates, and payment information.

Toyota has committed to keeping customers updated as the internal investigation progresses and more information becomes available.

There has been no comment regarding the total number of customers affected or if Toyota intends to pay the ransom.