Toyota Financial Services Fell Victim to Data Leak, Customer Information Left Vulnerable

Weeks after a ransomware attack, Toyota warns its German customers that their financial data may be compromised.

Toyota Financial Services, a subsidiary of the Japanese manufacturer, confirmed it fell victim to a ransomware attack on November 17. Perpetrated by Medusa Ransomware, the attackers allotted Toyota 10 days to pay the sum of $8 million, with an extension $10,000 per day. According to various news sources like Techradar, MSN, and Security Affairs, Toyota either failed or refused to meet these demands. The consequences: customer data has been spotted on Medusa’s website.

Medusa Ransomware targeted Toyota Financial Services Europe and Africa, meaning any number of individuals within these continents may be affected. However, the majority of stolen documents appeared in German. Likewise, press reports that Toyota sent letters to German customers informing them of the data breach. That doesn’t mean other customers are out of the weeds, however, as the breach theoretically may cover far more ground than just Germany.

What was Leaked

Medusa Ransomware essentially datamined most of Toyota Financial Services’ confidential documents. They confirmed the complete list, which includes: financial documents, spreadsheets, purchase invoices, account passwords, cleartext user IDs and passwords, agreements, passport scans, financial performance reports, staff emails, among others. Following Toyota’s failure to produce the allotted ransom, Medusa since added customer data to that list. According to German news source Heise (German), Medusa released customers’ names, addresses, international bank account numbers, and “possibly further contract information,” speculated to be contract amounts and customer reminder status. According to Heise, this information came to light after it was spotted leaked onto the Darknet.

Toyota immediately began an ongoing investigation to determine if any more data had been compromised. So far, the investigators, helmed by an unnamed “leading cybersecurity company,” haven’t shared any further details to media outlets. According to Techradar, a Toyota spokesperson claimed that the company is also “working closely with law enforcement.” But so far, results indicate that only German customers were affected.

Future Consequences

It remains a matter of speculation how Medusa Ransomware conducted the attack. Cybersecurity experts weighed in to Heise, claiming that it may have been from any number of vulnerabilities used to penetrate corporate IT systems in the past.

The immediate consequences began on November 17, when Toyota froze incoming lease installments and put all lease deliveries on hold. Since then, the system gradually restarted beginning on December 1. Toyota further stated that they informed data protection officers for North Rhine-Westphalia, in accordance with General Data Protection Regulation laws.

As for customers, Toyota recommends that they contact their bank to take additional security precautions, set up two-factor authentication, continuously monitor for unusual activity, and obtain a credit report from SCHUFA.

Images from: Toyota Global

Join the YotaTech forums now!

M.C. Cuccio

I've been an automotive aficionado since I had baby teeth. My path was set when I first leaned on my grandfather's classic Porsche as I learned how to walk. One of my first memories was my mother sitting me behind the wheel of her Pontiac and talking me through the instrumentation and controls. Even though I was a mere three or four years old, I was instantly sold, and filled notebooks with technical drawings, sketches, and collections of manuals of all sorts of cars. I've actively tracked developments in automotive and motorsport technology for well over 20 years, and pride myself on being intimately familiar with the functions and history of a wide range of vehicles.

My primary goal as a writer and enthusiast is to equally learn and share what I've learned in a constructive and interesting way. I maintain connections with people from around the world and can read technical manuals in Italian, Japanese, and Spanish, granting me access to a wide array of resources. My primary focuses are deep-dives into historical topics, motorsport discussion, and learning about the complex mechanical elements of such vehicles. As such, my research is never perfect; as anyone into cars will attest, the more you learn about cars, the more you realize how little you actually know. Therefore, I always welcome fresh knowledge and corrections to help me better my work in the future.