Toyota Reveals a Second Data BreachHackers Targeted Servers Storing Data on 3.1 Million Customers
Toyota Motor Corp. has reported its second data breach in the past five weeks. The latest incident, revealed Friday, may have exposed data on as many as 3.1 million customers.
See Also: Autonomous Response: Threat Report
In February, Toyota Australia revealed that it had suffered a cyberattack. But it's not clear whether the two incidents are related.
Sales Subsidiaries Targeted
In the most recent incident, Toyota says in a statement, hackers gained unauthorized access to data for several of its sales subsidiaries based in Tokyo. The servers that hackers accessed stored sales information on up to 3.1 million customers that included names, dates of birth and employment information. The investigation is continuing.
"The information that may have been leaked this time does not include information on credit cards. However, we have not confirmed the fact that customer information has been leaked at this time, but we will continue to conduct detailed surveys, placing top priority on customer safety and security," Toyota said. "We apologize to everyone who has been using Toyota and Lexus vehicles for the great concern. We take this situation seriously, and will thoroughly implement information security measures at dealers and the entire Toyota Group."
Lack of Details
Some security experts say it's troubling that Toyota is not yet sure what data has been exposed or accessed.
"Any detection of a cyber breach or attack triggers a need for incident response and forensics. If they are following data classification policies and monitoring them, then they should be able to pinpoint the extent of data leakage and theft," says Delhi-based Alok Gupta, founder and managing director at Pyramid Cybersecurity and Forensics.
"In case they are doing continuous monitoring of their security environment, then they should be able to tell very quickly. A detailed forensic analysis does take time. But pre-event forensic analysis would definitely throw some meaningful answers."
Link to Australian Attack?
When the Australia incident was revealed, some security experts suspected the attack may have been waged by an advanced persistent threat group known as APT32, which is also called OceanLotus.
Some security experts speculated that APT32 hackers might have targeted Toyota's Australia branch as a way to get into Toyota's more secure central network in Japan.
Toyota declined to comment on this theory and refused to attribute the Australian attack to APT32.
Vietnamese "state-aligned" hackers are targeting foreign automotive companies in attacks that appear to support the country's vehicle manufacturing goals, according to cybersecurity company FireEye.
Risk Mitigation Approach
"The automobile industry, in general, lags in cybersecurity practices due to the fact that they do not consider themselves as critical infrastructure and would do the bare minimum to meet the compliances," Gupta contends. "For them, security hygiene is not to take competitive advantage or to improve productivity; it is merely to have the necessary controls in place."
Tim Mackey, technology evangelist at the U.S. IT company Synopsys, says the latest Toyota incident highlights the need for continuous monitoring "beyond reviews performed following an incident or as part of an annual review process."
Gupta says a security orchestration and response solution platform could also help mitigate risks. "I would also recommend using an automated security configuration management tool which can take care of any human error in configuration patching," he says.
Pune-based Rohan Vibhandik, a security researcher with a multinational company, says in order to prevent the spread of the attack, it is essential that Toyota monitor all the traffic though affected network nodes of the victim location.