Toyota Financial Services Fell Victim to Data Leak, Customer Information Left Vulnerable
Weeks after a ransomware attack, Toyota warns its German customers that their financial data may be compromised.
Toyota Financial Services, a subsidiary of the Japanese manufacturer, confirmed it fell victim to a ransomware attack on November 17. The attackers, Medusa Ransomware, allotted Toyota 10 days to pay the sum of $8 million, with an extension costing $10,000 per day. According to various news sources like Techradar, MSN, and Security Affairs, Toyota either failed or refused to meet these demands. The consequence: customer data has been spotted on Medusa’s website.
Medusa Ransomware targeted Toyota Financial Services Europe and Africa, meaning any number of individuals within these continents may be affected. However, the majority of stolen documents appeared in German. Likewise, the press reports that Toyota sent letters to German customers informing them of the data breach. That doesn’t mean other customers are out of the woods, however, as the breach theoretically may cover far more ground than just Germany.
What Was Leaked
Medusa Ransomware essentially datamined most of Toyota Financial Services’ confidential documents. They confirmed the complete list, which includes financial documents, spreadsheets, purchase invoices, account passwords, cleartext user IDs and passwords, agreements, passport scans, financial performance reports, and staff emails, among others. Following Toyota’s failure to produce the allotted ransom, Medusa has since added customer data to that list. According to German news source Heise, Medusa released customers’ names, addresses, international bank account numbers, and “possibly further contract information,” speculated to be contract amounts and customer reminder status. According to Heise, this information came to light after it was spotted leaked onto the Darknet.
Toyota immediately began an ongoing investigation to determine if any more data had been compromised. So far, the investigators, helmed by an unnamed “leading cybersecurity company,” haven’t shared any further details with media outlets. According to Techradar, a Toyota spokesperson claimed that the company is also “working closely with law enforcement.” But so far, results indicate that only German customers were affected.
Future Consequences
It remains a matter of speculation how Medusa Ransomware conducted the attack. Cybersecurity experts told Heise that it may have exploited any number of vulnerabilities used to penetrate corporate IT systems in the past.
The immediate consequences began on November 17, when Toyota froze incoming lease installments and put all lease deliveries on hold. The system has been gradually restarting since December 1. Toyota further stated that it informed data protection officers for North Rhine-Westphalia, in accordance with the General Data Protection Regulation.
As for customers, Toyota recommends that they contact their bank to take additional security precautions, set up two-factor authentication, continuously monitor for unusual activity, and obtain a credit report from SCHUFA.
Images from: Toyota Global