By this point we need to realize that data breaches can hit anywhere. No matter where your information is being stored, it’s at risk of being hacked. This includes the information you leave behind after purchasing a car. It was confirmed that Toyota and Lexus dealerships in Japan suffered a data breach of customer data.
Car Dealership Breaches
As many as 3.1 million items of customer data are at risk in the data breach of the Toyota and Lexus dealerships in Japan. Toyota confirmed the attack and said “information that may have been leaked this time does not include information on credit cards,” so perhaps customers can take solace in that.
This is not the first major data breach to hit Toyota, however. Toyota Australia dealt with a disruptive cyber attack in February.
Toyota didn’t publish much information about the hack of the Toyota and Lexus dealerships but do acknowledge “unauthorized access on multiple dealerships around the Tokyo area of Japan on March 21.”
The 3.1 million pieces of customer data was stored on a service that was connected to that network. It’s unknown if it was compromised, and although the company insists no credit card data was compromised, they did not mention what other information may have been breached and acknowledged access but not that it was exfiltrated.
The global senior vice president of cyber security services at Nominet, Simon Whitburn, called it troubling that Toyota is unsure of the extent of the damage.
“The ability to forensically analyze a data breach is equally as important as presenting it in the first place,” he said. He added that “with so much at risk for customers, businesses cannot afford to play a guessing game about whether data was stolen.”
There was also an attack on Australian dealerships in February, and some security analysts connected it to the Vietnamese cyber security unit known as APT32. The Risky Business podcast suggested that attack could have been used as a preliminary action before the more secure dealerships in Japan were hit.
Whitburn said, “It is thought that the central systems in Japan were accessed through weaknesses in the Australian system, meaning that clearly the network architecture is not secure.”
The Reach of the Attack
The information belonging to all Toyota or Lexus owners could be in danger, as it seems the hackers had access to the Toyota central network. The senior technical evangelist at Synopsys, Tim Mackey, said, “Current and former owners of Toyota vehicles should be concerned about this breach.”
“With attackers potentially gaining access to sales records, that data provides a perfect profile from which to build a spear-phishing attack,” he added.
Are you a Toyota or Lexus vehicle owner? Does this news concern you? Let us know your thoughts on the cyber attack of Toyota and Lexus dealerships in the comments below.