Toyota Financial Services (TFS), a financial subsidiary of the popular automaker Toyota Motor Corporation, is warning customers it suffered a data breach that exposed personal details, including bank account information, in the attack (via BleepingComputer).
For those unaware, some of TFS’s systems in Europe and Africa suffered a ransomware attack last month.
The Medusa ransomware gang claimed responsibility for the attack and listed TFS as its data leak site on the dark web.
The group demanded that the firm pay a US $8 million ransom in 10 days to delete data allegedly stolen from the Japanese company, with the option to pay $10,000 for a day’s extension.
To support its claim, the ransomware gang also posted screenshots of several documents, alongside a file tree of all the data exfiltrated.
It included financial documents, spreadsheets, hashed account passwords, purchase invoices, passport scans, cleartext user IDs and passwords, staff email addresses, internal organization charts, financial performance reports, agreements, and more.
“Toyota Motor Corporation is a Japanese multinational automotive manufacturer headquartered in Toyota City, Aichi, Japan. Toyota is one of the largest automobile manufacturers in the world, producing about 10 million vehicles per year,” Medusa’s leak site said, which included a brief description of the hack.
“The leaked data is from Toyota Financial Services in Germany. Toyota Deutschland GmbH is an affiliated company held by Toyota Motor Europe (TME) in Brussels/Belgium and located in Köln (Cologne).”
Following the threat of data leak by Medusa ransomware, a Toyota spokesperson confirmed to BleepingComputer that it has detected unauthorized access on some of its systems in Europe and Africa.
Back then, TFS did not confirm if any of its data was stolen in the breach but said that it had taken some systems offline to mitigate risk and to aid its investigations.
It appears that Toyota has not given in to the demands of the Medusa ransomware gang, as all the leaked data has been published on Medusa’s extortion portal on the dark web.
Earlier this month, Toyota Kreditbank GmbH (TKG) in Germany was identified as one of the affected divisions, admitting that certain TKG files were accessed by hackers during the attack.
The breach notification letters that were sent in German to Toyota’s affected customers were accessed by German news outlet Heise.
It informs them that the compromised information in the data breach based on the ongoing investigation includes first and last names, residential addresses, contract information, lease-purchase details, and IBAN (International Bank Account Number).
Since the internal investigation is still ongoing, there are chances that the hackers may have also accessed additional information other than the above.
Toyota has promised its affected customers that it would promptly update them should the internal investigation disclose further data exposure.
