[BreachExchange] Toyota announces second security breach in the last five weeks

Destry Winant destry at riskbasedsecurity.com
Fri Mar 29 09:00:26 EDT 2019


Japanese car maker Toyota announced its second data breach today,
making it the second cyber-security incident the company acknowledged
in the past five weeks.

While the first incident took place at its Australian subsidiary,
today's breach was announced by the company's main offices in Japan.


The company said hackers breached its IT systems and accessed data
belonging to several sales subsidiaries.

The list includes Toyota Tokyo Sales Holdings, Tokyo Tokyo Motor,
Tokyo Toyopet, Toyota Tokyo Corolla, Nets Toyota Tokyo, Lexus
Koishikawa Sales, Jamil Shoji (Lexus Nerima), and Toyota West Tokyo.

Toyota said the servers that hackers accessed stored sales information
on up to 3.1 million customers. The carmaker said there's an ongoing
investigation to find out if hackers exfiltrated any of the data they
had access to.

Customer financial details were not stored on the hacked servers,
Toyota said. However, the company didn't say what type of info hackers
might have accessed either.

"We apologize to everyone who has been using Toyota and Lexus vehicles
for the great concern," a Toyota spokesperson said today in a message
to the press.

"We take this situation seriously, and will thoroughly implement
information security measures at dealers and the entire Toyota Group."


This is the second cyber-security incident the company has announced this year,
after disclosing a similar incident in late February, but affecting
its Australian branch.

The attack on its Australian office was more disruptive in nature,
bringing down Toyota Australia's ability to handle sales and deliver
new cars, and has been attributed by some industry experts to APT32
(OceanLotus), a Vietnamese cyber-espionage unit with a known focus on
the automotive industry.

Experts suggested that APT32 hackers might have targeted Toyota's
Australia branch as a way to get into Toyota's more secure central
network in Japan.

At the time, Toyota declined to confirm any of these theories or
attribute the attack to APT32 hackers.

However, the company did say that it would start an internal audit of
its IT systems following the attack on its Australian branch, and
today's announcement only pours fuel on the APT32 theories.
