The ‘ZeroSevenGroup’ user boasted on a popular cybercriminal forum about having hacked the U.S. branch of Toyota and announced sharing the stolen data for free. The Japanese multinational automotive manufacturer confirmed the security incident, as per Bleeping Computer.
Reportedly, the company is aware of the situation and considers it limited in scope while also contacting those affected. However, the breach has yet to be officially acknowledged, and information about the exposed data and individuals has yet to be provided.
The June-activated account’s announcement was posted on August 16 and alleged the threat actor has 240 GB of data, which includes information on Toyota’s contacts, finance, customers, schemes, employees, DBs, and network infrastructure, as well as photos and emails.
The open-source ADRecon tool is also offered “for all the target networks with passwords,” which helps extract data from Active Directory environments.
On May 14, Toyota confirmed reports of a data breach and was under evaluation by the National Privacy Commission (NPC).
In December 2023, Toyota's subsidiary Toyota Financial Services (TFS) announced that sensitive personal and financial customer data was exposed in a Medusa ransomware attack targeting the European and African divisions in November.
In 2020, researchers managed to reverse-engineer the communication between immobilizers in cars and key fobs, creating cloned keys for Toyota, Kia, and Hyundai that work exactly like the original ones. The report noted the “DST80” vehicle immobilizer systems used by Tesla, Toyota, Kia, and Hyundai are very easy to crack.