Home > News

Customer Data at Risk After Toyota and Lexus Dealerships Hacked in Japan

By Laura Tucker
News Toyota Dealership Data Breach Featured

By this point we need to realize that data breaches can hit anywhere. No matter where your information is being stored, it’s at risk of being hacked. This includes the information you leave behind after purchasing a car. It was confirmed that Toyota and Lexus dealerships in Japan suffered a data breach of customer data.

Car Dealership Breaches

As many as 3.1 million items of customer data are at risk in the data breach of the Toyota and Lexus dealerships in Japan. Toyota confirmed the attack and said “information that may have been leaked this time does not include information on credit cards,” so perhaps customers can take solace in that.

This is not the first major data breach to hit Toyota, however. Toyota Australia dealt with a disruptive cyber attack in February.

Toyota didn’t publish much information about the hack of the Toyota and Lexus dealerships but do acknowledge “unauthorized access on multiple dealerships around the Tokyo area of Japan on March 21.”

The 3.1 million pieces of customer data was stored on a service that was connected to that network. It’s unknown if it was compromised, and although the company insists no credit card data was compromised, they did not mention what other information may have been breached and acknowledged access but not that it was exfiltrated.

The global senior vice president of cyber security services at Nominet, Simon Whitburn, called it troubling that Toyota is unsure of the extent of the damage.

News Toyota Dealership Data Breach Lexus

“The ability to forensically analyze a data breach is equally as important as presenting it in the first place,” he said. He added that “with so much at risk for customers, businesses cannot afford to play a guessing game about whether data was stolen.”

There was also an attack on Australian dealerships in February, and some security analysts connected it to the Vietnamese cyber security unit known as APT32. The Risky Business podcast suggested that attack could have been used as a preliminary action before the more secure dealerships in Japan were hit.

Whitburn said, “It is thought that the central systems in Japan were accessed through weaknesses in the Australian system, meaning that clearly the network architecture is not secure.”

The Reach of the Attack

The information belonging to all Toyota or Lexus owners could be in danger, as it seems the hackers had access to the Toyota central network. The senior technical evangelist at Synopsys, Tim Mackey, said, “Current and former owners of Toyota vehicles should be concerned about this breach.”

“With attackers potentially gaining access to sales records, that data provides a perfect profile from which to build a spear-phishing attack,” he added.

Are you a Toyota or Lexus vehicle owner? Does this news concern you? Let us know your thoughts on the cyber attack of Toyota and Lexus dealerships in the comments below.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox

Laura Tucker Avatar
Laura Tucker
Laura has spent more than 20 years writing news, reviews, and op-eds, with the majority of those years as an editor as well. She has exclusively used Apple products for the past 35 years. In addition to writing and editing at MTE, she also runs the site’s sponsored review program.

Read next

In 2016, archaeologists dated two rings of snapped stalagmites in France’s Bruniquel Cave to 176,500 years ago, evidence that Neanderthals had walked 336 metres into darkness with fire and built architecture deep underground long before modern humans reached Europe
Otto von Bismarck was 74 when Germany adopted the world’s first national old-age social insurance program in 1889, setting the pension age at 70 after years of fighting socialists with bans, laws, and a promise few workers would live long enough to use
When cosmonaut Valeri Polyakov stepped out of his Soyuz capsule in March 1995 after 437 consecutive days aboard Mir, doctors recorded him at several centimetres above his pre-flight height, and his spine had become so unaccustomed to gravity that the recovery team carried him to a chair rather than risk the compression of letting him walk.
When Bell Labs engineer Karl Jansky pointed a rotating antenna at the sky in 1932 looking for sources of transatlantic radio static, he kept picking up a faint hiss that peaked every 23 hours and 56 minutes, and he eventually realized he had become the first human to hear the center of the Milky Way.
A contemplative scene with two scientists in a vintage laboratory setting.
When Harvard astronomer Cecilia Payne submitted her 1925 doctoral thesis arguing that the Sun was made almost entirely of hydrogen, the field’s senior figure Henry Norris Russell talked her into adding a line calling the result ‘almost certainly not real,’ and then published the same conclusion himself four years later to widespread acclaim.
When seismic waves from the Chicxulub impact reached what is now North Dakota roughly ten minutes after the asteroid struck, they appear to have triggered a ten-metre standing wave in an inland river that flung fish onto the bank and buried them under glass beads still falling from the sky.
When survivors near Lake Nyos woke on the morning of 22 August 1986, the cattle were dead in the fields, the birds had fallen out of the trees, and 1,746 of their neighbours were lying where they had stood the night before, with no fire, no flood, and no wound to explain it.
In October 2002, a Russian scientist named Dimitri Malashenkov stood up at a space conference in Houston and quietly explained that the dog Laika, whom the Soviet Union had publicly mourned as a heroic week-long orbiter in 1957, had actually died of heat and panic within about five hours of launch.