After a security incident in February at its Australian subsidiary, Toyota Motor Corp. has suffered its second security breach in the last five weeks, with today's breach announced by the company's main offices in Japan.
"On March 29, 2019, it was announced in Japan that Toyota Motor Corporation (TMC) learned it had possibly been the victim of a cyberattack targeting Toyota Tokyo Sales Holdings Inc., a TMC sales subsidiary, and its affiliated enterprises. Additionally, three other independent dealers in Japan are possibly involved. Toyota Motor North America (TMNA) is monitoring the situation closely and is currently unaware of any compromise of TMNA systems associated with this incident or evidence that Toyota or Lexus dealers in the United States have been targeted," Toyota Motor North America said in a statement.
The company reportedly said hackers breached its systems, gaining unauthorized access to data belonging to several sales subsidiaries, all based in Tokyo. Toyota said the servers that hackers accessed stored sales information on up to 3.1 million customers that included names and dates of birth but no credit card information, though the investigation remains ongoing.
In addition, Toyota Vietnam said that it is possible the company was also hacked, according to Tinmoi. “Toyota Vietnam Motor Company (TMV) has discovered that the Company is likely to have been attacked by the network and some customer data may have been accessed. So far we do not have any concrete evidence and details about the lost data, and are currently in the process of investigation. We will share as soon as information is available,” TMV said according to a translation of a statement shared with Tinmoi.
"In light of the Toyota security breach, it’s clear that automotive manufacturers need to be aware that as their technology continues to evolve there are more responsibilities involved to protect the consumer," said Amir Einav, VP of marketing at Karamba Security. "As car manufacturers are set to collect more data than ever before on drivers and vehicle behavior there is more personal information at stake. Following Toyota’s second breach in the last five weeks, there is a greater sense of urgency in the automotive industry around the need to take preventive cybersecurity measures, from the cloud to the in-vehicle technology."