Toyota warns data breach may have exposed customer financial information

Weeks after Toyota confirmed a ransomware attack affecting Toyota Financial Services Europe & Africa, the Japanese automaker has now confirmed that customer data may well have been exposed.

At the time, Medusa Ransomware, the group behind the attack, claimed to have stolen financial documents, spreadsheets, purchase invoices, hashed account passwords, cleartext user IDs and passwords, agreements, passport scans, internal organization charts, financial performance reports, staff email addresses, and more.

Now, the company has been informing customers that their data has been affected, with letters being sent to some German customers.

Toyota ransomware attack breached personal data

At the time, Toyota Financial Services was told that it could cough up $8 million to have the ransomware group delete the stolen files, or extend this deadline for the sum of $10,000 per day.

It now appears that Toyota did not give in to the group’s demands, and customer data has since been spotted for sale on Medusa’s website.

A letter to German customers (translated to English using Google Translate) seen by German news outlet Heise reads: “According to the current status of the investigation, your last name, first name, the postcode of your place of residence and possibly other contact information… are affected.”

Other data may include financial details, including contract amount and IBAN. Should Toyota’s investigation, which is still underway with a “leading” cybersecurity company, reveal any more high-risk data that has been leaked, the company promises to issue further notices.

Heise also noted that customer payments and vehicle deliveries saw a service interruption as a result of the attack, but that services were being restored from December 1.

TechRadar Pro has asked Toyota to confirm whether customer data from other regions outside of Germany may also have been affected. The company did not immediately respond.