Toyota has confirmed a serious data breach following the leak of 240GB of stolen information by the threat actor group ZeroSevenGroup on a hacking forum. The leaked archive reportedly contains sensitive data, including details about Toyota employees, customers, financial records, and network infrastructure. The breach is believed to have affected a U.S. branch of the company, with the data purportedly collected using the open-source tool ADRecon, which helps extract information from Active Directory environments. Toyota has acknowledged the breach, describing it as “limited in scope” and stating that support is being provided to those impacted.
The leaked data includes a wide range of information such as contacts, financial documents, emails, and photos. The threat actor claims that the data was stolen on December 25, 2022, which suggests that the attackers may have gained access to a backup server. Toyota has not yet disclosed when the breach was initially discovered, how the attackers gained access, or the full extent of the exposure. However, the leak has raised significant concerns about the security of Toyota’s network and the protection of sensitive information.
This breach follows a series of data security incidents affecting Toyota. In December 2023, Toyota Financial Services revealed a breach resulting from a Medusa ransomware attack, which exposed personal and financial data for customers in Europe and Africa. Earlier in 2023, Toyota disclosed another breach involving a misconfigured database that exposed car-location data for over 2 million customers, as well as additional cloud service misconfigurations leading to further data leaks.
In response to these ongoing security challenges, Toyota has implemented automated systems to monitor and secure cloud configurations and database settings across its environments. Despite these efforts, the company continues to face significant cybersecurity challenges, underscoring the need for robust and proactive measures to protect sensitive data and prevent future breaches.