Personal information of some 3.1 million Toyota customers may have been leaked outside the company, the Toyota Motor Corporation (TMC) announced on Friday.
The announcement comes a few weeks after Toyota Australia said they have been “the victim of an attempted cyber attack”.
The attackers targeted TMC sales subsidiaries (Toyota Tokyo Sales Holdings, Tokyo Tokyo Motor,Tokyo Toyopet, Toyota Tokyo Corolla, Nets Toyota Tokyo) and three independent dealers (Lexus Koishikawa Sales, Jamil Shoji, Toyota West Tokyo Corolla), all based in Tokyo.
They apparently breached their systems and gained unauthorized access to servers storing the customer data.
On the same day, Toyota Vietnam Motor Company (TMV) told Vietnamese news site Tinmoi that they might have also been hit.
Both TMC and TMV are still investigating and have yet to confirm that customer data has actually been compromised. In any case, TMC noted that the server did not include customers’ credit card information.
“We take this situation seriously, and will thoroughly implement information security measures at dealers and the entire Toyota Group,” TMC concluded.
As mentioned before, Toyota’s Australian subsidiary confirmed on February 21 that they have been hit by cyber attackers, but offered no more information than that.
According to some sources, the attack apparently messed up the subsidiary’s parts and cars distribution process.
Also, it has been speculated that the attackers were APT 32 (aka OceanLotus), a hacker group believed to be backed by the Vietnamese government, and that the reason they attacked Toyota Australia was because they searched for a way into the networks and systems of Toyota Japan.
For the moment, though, the extent of all of these breaches is unknown and Toyota has declined to say anything about who they believe performed the attacks.
Even older breaches and data leak incidents
Toyota is no stranger to cyber attacks, data theft and leaks.
Only a few months ago some of its sensitive documents were found exposed on a publicly accessible server belonging to an engineering service provider specialized in automation process and assembly for original equipment manufacturers.
Also, some five years ago, a former IT worker at a Toyota plant in the US, was convicted of intentionally damaging the company’s computer systems.