Incident Of The Week: Toyota's Second Data Breach Affects Millions Of Drivers
The car manufacturer also experienced an attempted cyber attack in Australia in February
Toyota is in the headlines for the wrong reasons lately, as it recently announced the second of two data breaches in five weeks. The most recent infiltration involved Toyota and Lexus dealers in Japan. According to the company's official statement — only published in Japanese — the data breach entailed unauthorized access to a server connected to the company's network.
The Extent Of The Breach
Toyota revealed the issue on its official website on March 29, 2019, saying the breach potentially affected 3.1 million people. The company is still looking into whether the cybercriminals could access and read the data but says the compromised server did not contain credit card details.
Unfortunately, Toyota has not provided further details, but says it will continue to investigate the matter and place a "top priority on customer safety and security." It also mentions that the company will apply security measures to all dealers associated with Toyota.
The bottom of the company's statement includes telephone contact details and operating hours for all affected dealerships. That information allows customers to contact any branches they did business with, but those individuals may find news frustratingly scarce if Toyota's official press release is any indication.
However, third-party sources have been working hard to shed light on what happened. A representative from SecurityWeek received an emailed statement from Toyota that said an unauthorized party also got access to information at Toyota's subsidiaries in Thailand and Vietnam 10 days before the company disclosed the Japanese breach. However, it did not say anything more about the cyber-incidents in those countries.
Information About The Australian Cyber Security Breach
February was a disruptive month for Toyota, too, but in the Australian market. On February 21, 2019, Toyota stated it experienced an attempted cyber attack. The news came via a similarly brief press statement consisting of only five sentences.
The company said it did not believe the hackers accessed private customer or employee data in that instance. It also confirmed Toyota's IT team communicated with international cyber security experts for advice in getting to the bottom of the matter.
On the following day, Toyota published updated material about the incident. It was slightly more detailed and included a numbered list of the things the company knew so far about what happened. The brand became aware of the attempted attack on February 19 and said it took numerous company systems offline, including corporate email.
The update said customers could bring their concerns to any location in Toyota's dealership network. Or, they could call an emergency call center number set up to deal with this incident, as well as concerns regarding the Takata airbag recall. That problem causes some airbags to explode upon deployment and could affect millions of vehicles.
However, the company's second press statement only listed operating hours for two days, causing a lack of clarity about whether the phone number would operate beyond those specified times. Moreover, Toyota said the breach affected parts supplies, causing some delays at the brand's service centers.
Security experts have weighed in about both the Japanese and Australian attacks and suggested an advanced Vietnamese hacking group called APT32 may have carried out the Australian attack to access Toyota's Japanese network. However, Toyota has not commented about that possibility.
APT32, also known as the OceanLotus Group, attracted the attention of cyber security researchers for its sophisticated methods. One report showed that hackers used custom tools to perform their exploits.
Since there are so few specifics about what happened surrounding Toyota's cyber security breaches, it's best for customers to be exceptionally vigilant regarding any communications from people claiming to be from Toyota or its subsidiaries. There's no way to know for sure, but the hackers could use the customer data obtained in the Japanese breach to orchestrate phishing attempts.
Unless Toyota provides the public with more details about what went wrong, how it will prevent future issues and what steps customers should take, people can only speculate and stay alert for any suspicious events potentially caused by hackers accessing and using their data.