Toyota Financial Services (TFS) has fallen victim to a cyberattack, confirming unauthorized access on its systems in Europe and Africa. The attack was orchestrated by the Medusa ransomware gang, which listed TFS on its dark web data leak site and demanded an $8 million ransom.
Furthermore, TFS, a global subsidiary of Toyota Motor Corporation, provides auto financing in 90% of the markets where Toyota sells its cars. While the company did not confirm if data was stolen, the threat actors claim to have exfiltrated files and threaten a data leak if the ransom is not paid within 10 days.
Additionally, the Medusa ransomware gang, known for its audacious attacks, exposed Toyota Financial Services (TFS) on its dark web data leak site, demanding an $8 million ransom. TFS, a major player in auto financing globally, detected unauthorized access in its European and African systems following the ransomware attack.
While TFS did not confirm data theft, the threat actors published sample data on the dark web, including financial documents, hashed passwords, user IDs, agreements, passport scans, and more, as evidence of their intrusion and a means to pressure Toyota into paying the ransom within a 10-day deadline.
As part of their ransom demand, the Medusa gang provides a .TXT file detailing the file tree structure of the allegedly stolen data from Toyota’s systems. Most of the documents presented as evidence are in German, suggesting that the hackers successfully breached systems supporting Toyota’s operations in Central Europe.
TFS is now faced with the challenge of assessing the extent of the breach, determining if sensitive data has been compromised, and deciding on a response strategy amid the escalating threats from ransomware groups who employ tactics like data exposure to coerce their victims into meeting their ransom demands.