240GB of data leaked from Toyota's US branch
by
Hackers have broken into Toyota's network and stolen 240GB of data, which was then published on a hacking forum. The company has acknowledged the data breach but claims it is limited.
Toyota confirms breach after stolen data leaks on hacking forum
https://www.bleepingcomputer.com/news/security/toyota-confirms-breach-after-stolen-data-leaks-on-hacking-forum/
According to BleepingComputer, an IT news site that reported on the issue, the cyber attack targeting Toyota was carried out by a threat actor called ZeroSevenGroup.
The ZeroSeven Group hacked into Toyota's US branch's systems and stole 240GB of data, including employee and customer information, contracts and financial information, and published it on a hacking forum.
Toyota confirmed the data breach to BleepingComputer, saying, 'We are aware of the situation. The issue is limited in scope and is not a system-wide issue.'
Toyota has asked BleepingComputer to review the threat actor's posts.
In a forum post, ZeroSevenGroup claims, 'We hacked the US branch of one of the largest car manufacturers in the world. We are very happy to provide the files here for free. The data size is 240GB. It contains perfect data of contacts, finances, customers, schemes, employees, photos, DBs, network infrastructure, emails and many more. We also provide passwords and AD-Recon of all target networks.'
AD-Recon is an open source software that collects and generates summaries of Active Directory information, a directory service installed on Windows servers. ZeroSevenGroup claims to have used AD-Recon to steal data from Toyota.
While Toyota did not disclose the date and time of the breach, BleepingComputer determined that the files were stolen or created on December 25, 2022, which may indicate that it was a backup server that the threat actors accessed.
Even before this incident, the Toyota Group has frequently been hit by security issues. In November 2023, Toyota Financial Services, which oversees the Toyota Group's financial business, was attacked by ransomware, resulting in a data leak. In January 2024, Toyota Tsusho Insurance Brokers India, an insurance company under the Toyota Group, was involved in a scandal in which Microsoft account login information was leaked.
Microsoft account of Toyota Group insurance company leaked, exposing 25GB of emails and customer information - GIGAZINE
Related Posts:
