News

Toyota reports yet another data breach; 3.1 million customer accounts exposed

Japanese automaker, Toyota, announced on Saturday that a data breach resulted in the data of 3.1 million customers being compromised. This is in fact the second data breach the company faced in the last five weeks. 

Toyota seems to be finding itself in the dead center of hackers’ cross-hairs. The Japanese auto maker revealed that the company faced its second cybersecurity incident in the last five weeks. The latest data breach reportedly resulted in the exposure of 3.1 million customer accounts. 

Hackers reportedly violated the company’s IT systems and gained access to sensitive customer information from multiple sales subsidiaries, the most prominent amongst which is luxury car maker Lexus.

... With attackers potentially gaining access to sales records, that data provides a perfect profile from which to build a spear phishing attack.
Tim Mackey
Technology Evangelist, Synopsys

Toyota group – the combined entity of Toyota and Daihatsu, commands 44 percent of Japan’s domestic automobile market. The auto giant sold 5.3 million vehicles last year – to give you a little perspective, that’s a little less than two-and-a-half times the number of cars that were sold in India in 2017-18.

An investigation is currently underway. However, the company was quick to clarify that payment-related information, such as customers’ credit card information, was not compromised.

The latest incident is yet another blow to the auto superpower’s cyber-resiliency. Toyota Australia was hit with a largescale data breach in February this year. ZDNet had reported that the February attack was attributed to a cyber-espionage group based in Vietnam.  

What it means for Toyota owners around the globe

Given the fact that hackers were able to access the Toyota central database indicates that customers, both current and former Toyota owners, should be concerned about the data breach.

“With attackers potentially gaining access to sales records, that data provides a perfect profile from which to build a spear phishing attack,” said Tim Mackey, technology evangelist at Synopsys.

He added that while Toyota indicates they are now performing an audit of their systems, this attack and Toyota’s response highlight a need for continuous monitoring beyond reviews performed following an incident, or as part of an annual review process.     

He advised that going forward, Toyota owners receiving any communication purporting to be from Toyota should take extra measures to confirm its legitimacy.