“We are aware of the situation. The problem is limited in scope and not a system-wide problem.” Toyota confirmed the hacker group’s claims to BleepingComputer.
The company added that it is “in contact with those affected and will provide assistance if needed.” However, Toyota did not provide details on when it discovered the breach, how the attackers gained access and how many people had their data exposed in the incident.
The hacker behind the Toyota data theft
According to a report by Bleeping Computer, a hacker group called ZeroSevenGroup was responsible for leaking the stolen Toyota data. The attackers claimed to have breached a U.S. office of the automaker and were able to steal 240GB of files containing information about Toyota employees and customers, as well as contracts and financial information.
The hackers also claimed to have collected network infrastructure information, including credentials, using the open source ADRecon tool, which can extract large amounts of information from Active Directory environments.
In a statement to Bleeping Computer, the hacker group claimed: “We hacked a branch of one of the largest car manufacturers in the world (TOYOTA) in the USA. We are very happy to share the files with you here for free. The data size: 240 GB. Contents: Everything like contacts, finances, customers, plans, employees, photos, DBs, network infrastructure, emails and lots of perfect data. We also provide you AD-Recon for all target networks with passwords.”
The report also speculated that the files were stolen or at least created in December 2022. This suggests that the attackers gained access to a backup server where the company stored its data.
Toyota’s fight against data breaches
In 2023, Toyota Financial Services (TFS) announced two major data breaches, including a misconfigured cloud database that exposed the vehicle location information of 2.15 million customers for ten years, and a ransomware attack on Toyota’s European and African offices that compromised sensitive personal and financial data.
In response to these incidents, Toyota implemented an automated system to monitor and prevent future data leaks.
