According to the ethical hacking training specialists from the International Institute of Cyber Security (IICS), the Japanese car company Toyota has suffered its second data breach of the last four weeks.
Although, as the ethical hacking training experts reported, the first incident occurred at the Toyota Australia facility, the latest data breach has been reported directly from Toyota’s main offices in Japan.
The company published a statement mentioning that hackers managed to compromise their computer systems and subsequently accessed the databases of different subsidiaries. The compromised subsidiaries include:
- Toyota Tokyo Sales Holdings
- Tokyo Tokyo Motor
- Tokyo Toyopet
- Toyota Tokyo Corolla
- Among others
According to the statement, hackers accessed sales-related information up to 3 million of the company’s customers. Toyota claims that an investigation has already been carried out to determine whether the threat actors leaked some of the compromised information.
According to the ethical hacking training experts, the financial information of Toyota customers is not stored on the compromised servers; this had been reported by the company since the last security incident. However, Toyota still does not disclose what kind of information has been compromised this time.
As mentioned above, this is the second time in the 2019 that Toyota is the victim of a similar cybersecurity incident. In the first attack, the threat actors managed to disrupt the Toyota Australia systems, mainly affecting the delivery of new units. Some members of the cybersecurity community have attributed responsibility for these incidents to APT32, a cyber and technological espionage cell backed by the government of Vietnam.
According to the specialists, the members of APT32 could have attacked the Australian branch of Toyota to obtain a point of access to the central networks of the company in Japan. So far, Toyota has made no representations about the authorship of these attacks.