Toyota Japan breach leaves 3.1M customers exposed

More than 3.1 million customer information exposed after the second Toyota security breach in less than five weeks

Toyota reports about the second data breach that occurred only five weeks after the first one.

Only weeks after the security breach at its Australian subsidiary,^[1] Toyota announces about a cybersecurity incident involving Japan IT system.^[2] According to the report, the hacker accessed the servers of Toyota and Lexus sales subsidiaries and exposed data of its customers, including names and even the credit card information stored on the hacked servers.^[3] The investigation remains ongoing to make sure that the information hasn't been leaked.

Affected subsidiaries include Toyota Tokyo Sales Holdings, Tokyo Motor, Tokyo Toyopet, Nets Toyota Tokyo, Lexus Koishikawa, Lexus Nerima, Toyota Tokyo Corolla, Toyota West Tokyo Corolla. Hackers accessed information about car owners, including their personal details. However, there is no confirmation about the exfiltrated data, as the data breach notification reports:

It turned out that up to 3.1 million items of customer information may have been leaked outside the company. The information that may have been leaked this time does not include information on credit cards.

Data in Tokyo-based sales subsidiaries servers accessed, including names and dates of birth

The company cannot confirm that exposed data was exfiltrated and personal information of the car owners leaked, but they continue the investigation and prioritizing its customers' safety and security. The affected servers stored personal details about customers but not the financial information, Toyota said. However, there is no information on what specific data was accessed during the incident.^[4]

The official notice of the data breach has not confirmed anything and at the time of writing Toyota cannot say what details might have been accessed, but Toyota and Lexus car owners' data remains at risk. The report on the global Toyota page stated:

We apologize to everyone who has been using Toyota and Lexus vehicles for the great concern. We take this situation seriously, and will thoroughly implement information security measures at dealers and the entire Toyota Group.

Car manufacturers nowadays are set to collect more data than a few details that include personal and financial information. The automotive industry needs to take precautionary measures and prevent cybersecurity incidents. As the technology evolves, more responsibilities fell on the providers and developers. There is an urgency to protect the consumer.

The company haven't learned from the first breach in February

On February 19th multiple corporate IT systems were breached. 279 Australian Toyota dealers were affected by the targeted large scale operation which was held by APT32 hackers, according to experts.^[5] Vietnamese-based hacking group also known as OceanLotus and Cobalt Kitty coordinated large scale operation targeting Toyota's dealers.

It is believed that the previous attack was planned to get into Toyota's central network in Japan which is more secure than the Australian branch. Although the company said that internal audit would be started on IT systems after the attack on its Australian branch, the Toyota Japan security breach add to the theories about the APT32 involvement.

Toyota Vietnam also encountered cyber attack around the time of the Tokyo incident report.^[6] Toyota Vietnam Motor Company customer data may have been accessed, although there are not many details about this particular security incident in Toyota Vietnam or relations between two attacks.