Toyota has acknowledged that its network was compromised after a threat actor released a 240GB archive of data stolen from the company’s systems on a hacking forum.

“We are aware of the situation. The issue is limited in scope and is not a system-wide issue,” Toyota informed BleepingComputer when asked about the legitimacy of the threat actor’s claims.

The company is “engaged with those who are impacted and will provide assistance if needed.” However, Toyota has not yet disclosed details about when the breach was discovered, how the attacker gained access, or the number of individuals affected by the incident.

The hacker group, ZeroSevenGroup, claimed responsibility for the breach, stating they infiltrated a U.S. branch of Toyota and stole 240GB of data. The stolen files allegedly contain information on Toyota employees and customers, contracts, and financial data.

Additionally, the group claims to have obtained network infrastructure details, including credentials, using the open-source tool ADRecon, which extracts extensive information from Active Directory environments.

Source: BleepingComputer

“We hacked a branch in the United States belonging to one of the world’s largest automotive manufacturers (TOYOTA). We are pleased to share the 240GB of data with you here for free,” the threat actor boasted.

The leaked data reportedly includes contacts, financial records, customer information, employee details, photos, databases, network infrastructure details, emails, and more. The hackers also offered access to ADRecon data, complete with network passwords.

While Toyota has not specified the exact date of the breach, BleepingComputer discovered that the stolen files were likely taken or created on December 25, 2022. This suggests that the hackers may have accessed a backup server where the data was stored.


This incident follows a previous breach in December last year when Toyota Financial Services (TFS) warned customers that their sensitive personal and financial data had been exposed in a Medusa ransomware attack. That breach impacted Toyota’s European and African divisions.