Toyota Financial Services confirms data breach
Learn More
Toyota Financial Services (TFS) has officially confirmed a security breach after detecting unauthorized access on certain systems within its European and African operations. TFS, a subsidiary of Toyota Motor Corporation, operates globally and provides auto financing services to customers across 90% of the markets where Toyota vehicles are sold.
Medusa ransomware group has claimed responsibility for the attack on the company and published the initial information of the breach on their dark web site. The attackers released a sample of the purloined data, which includes
- financial documents,
- spreadsheets,
- purchase invoices,
- hashed account passwords,
- clear-text user IDs and passwords,
- agreements,
- passport scans,
- internal organizational charts,
- financial performance reports,
- staff email addresses,
This trove of data appears to be predominantly in the German language, indicating that the hackers may have compromised systems serving Toyota's operations in Central Europe. The Medusa ransomware gang issued a 10-day ultimatum to Toyota, with an option to extend the deadline for an additional $10,000 per day.
TFS Europe & Africa states had identified unauthorized activity on systems in select locations. In response, certain systems were taken offline to investigate the incident and mitigate risk, and cooperation with law enforcement agencies has commenced.
As of now, no details are disclosed about impacted individuals or the nature of the attack itself. The incident is reported to be confined to Toyota Financial Services Europe & Africa, and efforts are underway to restore affected systems to normal operations in most countries.
Update - as of 11th of December, Toyota has not engaged in ransom negotiations with the cybercriminals, and as a consequence, all stolen data has been published on Medusa's extortion site on the dark web.
One of the divisions confirmed to be affected is Toyota Kreditbank GmbH in Germany. The bank acknowledged that hackers had accessed customer personal data. German news outlet Heise reported receiving a sample of the notification letters sent by Toyota to its German customers, indicating the following types of data were compromised:
- Customer's full name
- Residential address
- Contract details
- Information about lease-purchase agreements
- IBAN (International Bank Account Number)
The number of affected individuals is still not disclosed.
