Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Toyota Germany Says Customer Data Stolen in Ransomware Attack

Toyota Germany is informing customers that their personal data has been stolen in a ransomware attack last month.

Toyota Germany is notifying customers that their personal information was compromised in a ransomware attack last month.

Initially disclosed in mid-November, the incident impacted the systems of Toyota Financial Services Europe & Africa, a subsidiary of the Japanese carmaker.

Toyota announced last month that the attackers had gained access to internal systems at various locations, and that it took those systems offline in response.

The company did not say what type of attack it fell victim to, but the Medusa ransomware gang quickly claimed responsibility for the incident, adding Toyota Financial Services to its Tor-based leak site and threatening to release stolen data publicly.

Medusa has since published the allegedly stolen information, which includes corporate documents, passport copies, and spreadsheets containing various types of personal information. The ransomware gang also claimed to have accessed user IDs, emails, and hashed passwords.

Last week, Toyota Germany posted an updated notice on its website, informing visitors that the attackers had gained access to the systems of Toyota Kreditbank GmbH, and that personal information was compromised, without providing details on the types of stolen data.

However, the Toyota subsidiary also started mailing out notification letters to the impacted customers, informing them that their personal information, including names, addresses, IBANs, and other information, was compromised in the attack, German news outlet Heise reports.

In its online notice, Toyota also said that it has been gradually restarting Toyota Kreditbank’s systems, but shared no other details on the restoration efforts or on the extent of the attack.

According to security researchers, the recent Citrix NetScaler vulnerability called CitrixBleed (Citrix Bleed) might have been exploited for initial access to Toyota Financial Services’ systems. Various threat actors, including ransomware groups, have been observed targeting the bug in attacks.

Advertisement. Scroll to continue reading.

Related: Toyota Discloses New Data Breach Involving Vehicle, Customer Information

Related: Toyota: Data on More Than 2 Million Vehicles in Japan Were at Risk in Decade-Long Breach

Related: Vulnerability in Toyota Management Platform Provided Access to Customer Data

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.

Data Breaches

Delta Dental of California says over 6.9 million individuals were impacted by a data breach caused by the MOVEit hack.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.