Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy Security

Toyota Confirms Breach After Stolen Data Leaks On Hacking Forum (bleepingcomputer.com) 7

Toyota confirmed a breach of its network after 240GB of data, including employee and customer information, was leaked on a hacking forum by a threat actor. The company has not provided details on how or when the breach occurred. BleepingComputer reports: ZeroSevenGroup (the threat actor who leaked the stolen data) says they breached a U.S. branch and were able to steal 240GB of files with information on Toyota employees and customers, as well as contracts and financial information. They also claim to have collected network infrastructure information, including credentials, using the open-source ADRecon tool that helps extract vast amounts of information from Active Directory environments.

"We have hacked a branch in United States to one of the biggest automotive manufacturer in the world (TOYOTA). We are really glad to share the files with you here for free. The data size: 240 GB," the threat actor claims. "Contents: Everything like Contacts, Finance, Customers, Schemes, Employees, Photos, DBs, Network infrastructure, Emails, and a lot of perfect data. We also offer you AD-Recon for all the target network with passwords." While Toyota hasn't shared the date of the breach, BleepingComputer found that the files had been stolen or at least created on December 25, 2022. This date could indicate that the threat actor gained access to a backup server where the data was stored.
"We are aware of the situation. The issue is limited in scope and is not a system wide issue," Toyota told BleepingComputer. The company added that it's "engaged with those who are impacted and will provide assistance if needed."
This discussion has been archived. No new comments can be posted.

Toyota Confirms Breach After Stolen Data Leaks On Hacking Forum

Comments Filter:
  • by Xyrx ( 109960 ) on Tuesday August 20, 2024 @07:32PM (#64722212)

    In May 2023, I submitted a data deletion request to Toyota to delete all of my data while leasing a Prius Prime from 2016 to 2019. When this database comes online in a searchable format, I'll be verifying my data was ACTUALLY removed. If it wasn't and I find my personal information in there, there might be a lawsuit.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      I don't blame you. I wouldn't want anyone finding out that I leased a Prius either.

    • Good luck with your lawsuit . The privacy laws in the US have no teeth. You may get a $2 coupon towards your next Toyota. And free credit monitoring, if you are lucky.
      I should probably check if I'm on the list too. Had a 2001/2007/2011 Prius, before moving to plug-in cars of other brands. Don't think I'll ever own another Toyota after their stupidity with hydrogen cars. They have been left behind.

    • how do you figure that? It states the data has a date of Dec 25, 2022. Your request was in 2023
  • by Miles_O'Toole ( 5152533 ) on Wednesday August 21, 2024 @02:09AM (#64722760)

    It's hopeless here because the governments of Canada and the United States are utterly dominated by corporations, but maybe the EU will decide to deal with situations like this.

    I would love to see legislation providing really significant financial penalties for any company that failed to protect customers' data, with the fines doubled or tripled for any data the company gathered in excess of the absolute minimum needed for a business relationship.

"To take a significant step forward, you must make a series of finite improvements." -- Donald J. Atwood, General Motors

Working...