Security Experts:

Toyota Says Fired Contractor Sabotaged Supplier Network and Stole Sensitive Data

Court documents obtained by SecurityWeek, from the Eastern District of Kentucky, show that Toyota has filed a lawsuit against an ex-contractor for sabotaging the company’s supplier network and downloading confidential information.

Toyota accuses Ibrahimshah Shahulhameed, a former employee who was working for the automaker in Kentucky, of accessing their supplier network after he was fired, sabotaging the network itself and downloading sensitive information. According to documents filed with the court, Shahulhameed was fired last week, August 23, but the company did not state why.

The day he was terminated, from midnight until approximately 06:30 a.m. on August 24, Shahulhameed “sabotaged various programs and applications; and accessed, copied, downloaded and/or disseminated trade secrets and proprietary information.”

“Specifically, due to the level of administrative access [Shahulhameed] had to Toyota’s system, [Shahulhameed] improperly accessed proprietary trade secrets and information such as pricing information, quality testing data, and parts testing data,” Toyoda said in the complaint.

“Based on information currently available, [Shahulhameed] logged on to various internal and external systems and programs that contain highly confidential and proprietary information of Toyota...If this information were disseminated to competitors or otherwise made public, it would be highly damaging to Toyota, and its suppliers, causing immediate and irreparable damage.”

Further, the automaker charges Shahulhameed with modifying 13 applications on toyotasupplier.com causing it to crash.

“At this point, the level of damage caused by [Shahulhameed’s] unauthorized access to Toyota’s computer system is unknown. It will take days for Toyota’s IT department to determine the full extent of its damage as a result of [Shahulhameed’s] efforts to sabotage its system,” the complaint explains.

As it turns out, Toyota almost lost their chance to confront Shahulhameed in court. After he was released on bond, he told corporate investigators that he was planning on returning home to India (he is in the U.S. on an H1B visa). The automaker asked the court for a temporary restraining order preventing him from leaving, but it wasn’t needed as he agreed to an order on Monday that he would not travel for 14 days.

Shahulhameed remains free on a $2,500 bond until trial.

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.