UPDATED 23:13 EDT / MARCH 31 2019

SECURITY

3.1M customer records stolen in hack of Toyota

Toyota Motor Corp. has announced a new data breach involving the theft of customer details from its dealerships in Japan, its second data breach in five weeks.

The new breach is believed to affect 3.1 million customers and involved the theft of data including customer names, addresses, birthdates, government identification numbers and employment information, but not credit card details.

The theft of the data originated primarily from Tokyo-based Toyota dealers but may have included customer data from outside of Japan as well.

“Toyota Motor North America (TMNA) is monitoring the situation closely and is currently unaware of any compromise of TMNA systems associated with this incident or evidence that Toyota or Lexus dealers in the United States have been targeted,” Toyota’s North American subsidiary said in a statement.

The previous hack in February involved data being stolen from Toyota dealers in Australia. There is some suggestion that the Australian hack may have involved nation-state-sponsored hackers.

ZDNet reported Friday that the hack in Australia is being attributed by some industry experts to “APT32 (OceanLotus), a Vietnamese cyberespionage unit with a known focus on the automotive industry” and that “APT32 hackers might have targeted Toyota’s Australia branch as a way to get into Toyota’s more secure central network in Japan.”

Jonathan Bensen, chief information security officer and senior director of product management at Balbix Inc., told SiliconANGLE that Toyota’s recent data breaches show global enterprises don’t have adequate visibility into their massive networks and infrastructure and thus can’t take proper precautions.

“Any breach of personal identifiable information is reason enough for customers to be alarmed,” he said. “Toyota must also understand that sometimes it is not just about the type of data that was breached, it’s also a breach of trust. Suffering multiple security incidents within such a short time frame can significantly affect company reputation.”

Chris DeRamus, chief technology officer at DivvyCloud Corp., agreed. “There should have been security tools and plans in place already to proactively avoid cyberattacks in the first place,” he said. “Data is the new oil in our digital era and companies should be doing everything they can to protect it.”

Anurag Kahol, CTO of Bitglass Inc., added that Toyota must take swift action not only to strengthen its security but also to try to restore customer trust.

“The company’s initial statement pledging to ‘thoroughly implement information security measures’ now seems illegitimate, as this second breach raises questions about which kinds of security measures if any, it has implemented thus far,” he said. “A global enterprise like Toyota must leverage advanced security solutions appropriate for its massive scale and complex IT infrastructure. Additionally, it must make the shift to a more proactive approach to security.”

Photo: Shuets Udono/Wikepedia Commons

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU