Toyota Data Breach Steers Financial Info And Personal Details Into Hands Of Hackers

It would seem that Toyota cannot catch a break. Just weeks after discovering the company ran out of server disk space, shutting down production lines, and that Toyota vehicles could be compromised through the headlights, the company is telling German customers that some of their personal data may have been compromised in a breach that was initially announced on November 16th.

In a post to the Toyota website, the auto manufacturer reports that it had detected “unauthorized activity on systems at a limited number of locations, including Toyota Kreditbank GmbH in Germany” in November. Toyota explains that, with this attack, the threat actor managed to access personal data, causing systems to be locked down by the security folks at Toyota. As of the beginning of December, though, systems at Toyota Kreditbank GmbH were being brought back online incrementally.


The attack may have been carried out by the extortion group Medusa that has since published the compromised data to its site. The screenshots shown there indicate that not only personal financial information was compromised, but also internal information such as username and password combinations for development and production IT infrastructure. German outlet Heise also reports that, according to notices sent to customers, the personal data includes surname, first name, address, International Bank Account Number (IBAN), and other “contract information.”

Regardless of exactly what information was compromised, this is a significant breach that is now in the public domain. The threat actors, who purportedly demanded $8m from Toyota, didn't get their payday and subsequently published the data. Now it's up for anyone to download, so take the necessary steps to secure your personal information if you may have been affected.