Toyota Motor North America (TMNA) is refuting claims of a significant data breach following an announcement on a notorious hacker forum. The cybercriminal group, known as ZeroSevenGroup, recently claimed responsibility for compromising a U.S. branch of the automotive giant, asserting that they had exfiltrated 240 GB of sensitive data.
Toyota has swiftly responded to CyberInsider's request for a comment on these allegations, clarifying that its systems had not been breached, attributing the incident to a third-party entity.
‘ZeroSevenGroup' posted on the Breached forums, a platform frequented by cybercriminals, announcing their alleged breach of a U.S. branch associated with Toyota. According to the post, the hackers had obtained a vast amount of data, including customer details, financial records, employee information, and network infrastructure documentation.
CyberInsider
The threat group boasted that they had been lurking within the network for a significant period, offering the stolen data for free to forum members. The threat actors also shared that they had gathered Active Directory reconnaissance data, including passwords, raising concerns about the potential severity of the breach.
Toyota responded to the allegations, emphasizing that its own systems were not compromised. The company stated, “We are aware of the situation. The issue is limited in scope and is not a system-wide issue.” The automaker clarified that the breach appears to involve a third-party entity that had been misrepresented as Toyota, assuring that they are actively working to address the concerns of those impacted.
“Toyota Motor North America was not the subject of this activity,” stated a spokesperson to CyberInsider.
“Contrary to what has been reported, our systems were not breached or compromised. The cited [forum] post appears related to a third-party entity that is misrepresented as Toyota.”
Toyota spokesperson
While the company denies any direct breach of its systems, the leaked dataset might still contain data of Toyota North America customers, a possibility that the firm has not addressed our follow-up requests for additional info. That being said, regardless of the point of breach, the risk for Toyota customers in the U.S. remains high.
People who might be impacted by this data leak should remain vigilant and watch out for phishing/scamming attempts leveraging the exposed information to create convincing lures. If you have an account at Toyota, it would be advisable to reset your password.
U.S. Lawmakers Call for Investigation into TP-Link Over Potential National Security Threats
Deny, deny, and deny. Admit no wrongdoing. When the evidence becomes overwhelming and refutes their claim there was no breach or whatever, they’ll just say sorry and halfwits will accept this without hesitation.