Toyota has disclosed a data breach that may have affected up to 3.1 million customers. It’s the second time the car manufacturer has been breached in the last five weeks.
In a statement released on 29 March 2019, the organisation confirmed that several of its Asian subsidiaries were targeted by criminal hackers. It said that it is taking the situation seriously and will implement security measures at dealers and the entire Toyota group.
Few details have emerged about the breach, with Toyota stating that it is still investigating what data might have been breached, or if anything has been compromised at all.
The only facts that have been established are the subsidiaries that were attacked:
- Toyota Tokyo Sales Holdings
- Tokyo Tokyo Motor
- Tokyo Toyopet
- Toyota Tokyo Corolla
- Nets Toyota Tokyo
- Lexus Koishikawa Sales
- Jamil Shoji
- Toyota West Tokyo Corolla
Both organisations said that they have “come to be aware of a possibility” of a breach, and that “while we have no evidence of customer information loss at this moment, details are currently under investigation, and we intend to share further specifics, if any, as soon as details are available”.
One of the few certainties of the incident, according to Toyota, is that no financial information was affected, although we’d push the brakes on that conclusion, given that the investigation is still ongoing.
Erring on the side of caution
You might not expect an organisation to disclose a data breach if it wasn’t sure it had even been breached, but Toyota’s decision is almost certainly influenced by the attack on Toyota Australia in February.
In that incident, the corporate IT systems of the car manufacturer’s Australian branches were knocked offline following a cyber attack, which security experts believe is linked to the latest attack.
Either way, Toyota’s transparency can only be a good thing, as the damage – from a customer standpoint – is minimal, and the organisation’s response has been exemplary. The only thing missing is a more effective security system.