Toyota warns data breach may have exposed customer financial information

German customers warned of data breach

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Weeks after Toyota confirmed aransomwareattackaffecting Toyota Financial ServicesEurope & Africa, the Japanese automaker has now confirmed that customer data may well have been exposed.

At the time, Medusa Ransomware, the group behind the attack, claimed to have stolen financial documents, spreadsheets, purchase invoices, hashed account passwords, cleartext user IDs and passwords, agreements, passport scans, internal organization charts, financial performance reports, staff email addresses, and more.

Now, the company has been informing customers that their data has been affected, with letters being sent to some German customers.

Toyota ransomware attack breached personal data

At the time, Toyota Financial Services was told that it could cough up $8 million to have the ransomware group delete the stolen files, or extend this deadline for the sum of $10,000 per day.

It now appears that Toyota did not give in to the group’s demands, and customer data has since been spotted for sale on Medusa’s website.

A letter to German customers (translated to English usingGoogleTranslate) seen by German news outletHeisereads: “According to the current status of the investigation, your last name, first name, the postcode of your place of residence and possibly other contact information… are affected.”

Other data may include financial details, including contract amount and IBAN. Should Toyota’s investigation, which is still underway with a “leading” cybersecurity company, reveal any more high-risk data that has been leaked, the company promises to issue further notices.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Heisealso noted that customer payments and vehicle deliveries saw a service interruption as a result of the attack, but that services were being restored from December 1.

A Toyota spokesperson told TechRadar Pro in an email that Toyota Financial Services is “working closely with law enforcement” and that the investigation is still ongoing, but for now, the company believes that only German customer data was affected. German customers have been informed “in line with all legal and data protection requirements.”

Toyota declined to comment on whether it had paid the ransom fee.

More from TechRadar Pro

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Lego will let you build Sir Ernest Shackleton’s iconic lost ship, the Endurance, in its next Icons set