Toyota is facing a huge problem, and it’s has been going for quite some time. If you’re going to think of the kinds of company that are most likely to be affected by a cyber attack, you will least think of automotive companies like Toyota. They’re huge, with a strong cyber security protocol, has budget too secure data and they have top-notch IT systems. However, it seems like no company is exempted and hackers are everywhere trying to scavenge for data from whatever database they can get into.
Millions of car owners have had their data compromised in a series of cyber attacks that have targeted the global car manufacturer Toyota in the last five weeks. The company has reported three confirmed attacks in three separate global branch locations across two continents.
Reports reveal that data of millions of owners of Toyota cars have been compromised following a cyber attack undertaken by a group of hackers at Toyota Motors in Japan. A few months ago, the company announced that a similar incident happened in the Australia branch of the car company. Another similar incident was also reported by Toyota Vietnam on the same day that the Japan breach was announced, making it the third one.
About 3 million customer data were breached including some Toyota sales subsidiaries and unauthorized access to some other firms.
“It turned out that up to 3.1 million items of customer information may have been leaked outside the company,” Toyota said in a press briefing following the Japan attack.
Specifically, the attack targeted the servers of Toyota Tokyo Sales Holdings Co., Ltd. Tokyo Toyopet Co., Ltd., Nets Toyota Tokyo Co., and Tokyo Tokyo Corolla Co., Ltd. Other servers that were affected by the attack are those of Jamil Shoji CO., Ltd (Lexus Nerima), Lexus Koishikawa Sales Co., Ltd., and Toyota West Tokyo Corolla Co., Ltd. In general, the breached data belongs to customers of both Toyota and Lexus.
The data breach has exposed a plethora of customer information, but fortunately, the hackers were not able to get access to customers’ financial details of customers as they are not stored in the same hacked servers. Nonetheless, the car company has not confirmed what type of data was stolen by the hackers either.
“We apologize to everyone who has been using Toyota and Lexus vehicles for the great concern,” a Toyota spokesperson said in a message to reporters.
“We take this situation seriously, and will thoroughly implement information security measures at dealers and the entire Toyota Group.”
A SERIES OF GLOBAL ATTACK?
The company has announced a similar incident in late February affecting their Australian branch. The first attack was known to be more disruptive than the Japan attack because it was able to bring down Toyota Australia’s ability to handle sales and deliver new cars, freezing their operations. The Australia cyber attack was attributed to a group of hackers known as the APT32 (OceanLotus), a cyber espionage organization based in Vietnam and is known to have targeted other companies in the automotive industry in the past.
“Toyota Australia can confirm it has been the victim of an attempted cyber attack. At this stage, we believe no private employee or customer data has been accessed,” Toyota Australia said in a press release regarding the cyber attack.
Tech and cybersecurity experts suggest that APT32 hackers might have hacked Toyota’s Australian branch in order to infiltrate Toyota’s more secure central network in Japan. Nonetheless, the world leader in automotive production has never confirmed any of the theories surrounding the attacks nor have they attributed them to APT32 hackers.
Nonetheless, the car company did say that it would start an internal audit of its IT systems following the attack on its Australian branch, and the infiltration of Toyota Japan only makes the APT32 theories stronger.
Furthermore, a few hours after the announcement of the data breach and cyber attack that happened in Toyota Japan, Toyota Vietnam has also announced a similar cyber security attack without any details about the incident.
No official confirmation has since been made by the car manufacturer if the cyber attacks that happened in three of its global branches were connected or if they were isolated incidents in terrible coincidence.