Toyota suffers second data breach in five weeks

Japanese car manufacturer Toyota has suffered a second data breach in the space of five weeks, leading to the data of 3.1m customers being accessed through a malicious attack.
Toyota said that hackers breached its IT systems and gained access to information belonging to several of its sales subsidiaries.
"We take this situation seriously, and will thoroughly implement information security measures at dealers and the entire Toyota Group," said the company.
The nature of the stolen information is yet to be disclosed but Toyota assured its customers, along with Lexus car owners who are also affected, that customer financial information was not part of the breached data set.
Toyota has also not confirmed whether data on the hacked server has been exfiltrated by the hackers but the company has launched an investigation into the incident.
The nature of the data is still not entirely certain, but experts said that because the data relates to the company's sales arms, the data contained by these subsidiaries could lead to more targeted attacks on customers if the data was exfiltrated at all.
"Current and former owners of Toyota vehicles should be concerned about this breach," said Tim Mackey, senior technical evangelist at Synopsys. "With attackers potentially gaining access to sales records, that data provides a perfect profile from which to build a spear phishing attack."
"Moving forward, Toyota customers receiving any communication purporting to be from Toyota should take extra measures to confirm its legitimacy," he added.
"The ability to forensically analyze a data breach is equally as important as preventing it in the first place," said Simon Whitburn, global SVP of cyber security services at Nominet, in a statement sent to IT Pro.
"With so much at risk for customers, businesses cannot afford to play a guessing game about whether data was stolen. Monitoring data patterns at a DNS level is a good place to start, as packets could be analyzed and tracked from source to whatever server they were exfiltrated to."
In late February 2019, Toyota was hit by an "attempted cyber attack", according to a brief company announcement.
At the time, the company believed that no private employee or customer data was acquired through the attack and that the company's own IT department was managing the situation.
Following the news, analysts attributed the initial attack on Toyota to a group labelled 'APT32' or 'OceanLotus Group', a Vietnamese hacking outfit believed to be targeting the auto industry specifically. It's unknown whether the same group could be behind the most recent attack on the car manufacturer.
source itpro
Industry: Cyber Security News

Latest Jobs
-
- Network Security Engineer
- Germany
- €550 a day
-
German- based contract opportunity This is an onsite based position, we would need the Network Security engineer to be able to work on the client site 5 days a week Seeking an experienced Network Security Engineer for a leading technology company. Strong expertise in firewall/IPS solutions, proxy solutions, and certificate management is required. Good hands-on experience in networking and web-related technologies necessary. Strong problem-solving skills and the ability to work under pressure are essential. we are looking for a Network Security Engineer with the following experience: · Expertise in Administration, Management & Troubleshooting of Firewall / IPS solutions / Proxy solutions/Certificate Management Solutions · Good Hands-on Experience on security devices (PaloAlto/ /McAfee Proxy/CISCO ISE/Certificate Management) · Good Hands-on Experience in Networking with skills of switching, routing & wireless Technologies · Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocol · Configuration of NAT / PAT, firewall policies, profiling, objects, AD-Integration, backup – restore · Knowledge of Subnetting TCP/IP Communication, VLSM Configuration of VLAN VTP · Configuration of Routing Protocols e.g. RIPv1 & v2, OSPF, EIGRP, BGP Knowledge of standard and extended ACL 12 month contract
-
- IAM Consultant
- N/A
- Upto £110,000 depending on level of position
-
Identity Access Management (IAM) Consultant Location: Germany We are seeking an experienced IAM consultants in Germany. we are looking for people from consultant through to Architect, The ideal candidate will have previous IAM deployment experience and be fluent in German. Key responsibilities: Design and implement IAM solutions for clients Provide expertise on industry best practices and standards Troubleshoot and resolve IAM-related issues Work closely with clients to understand their business requirements and provide solutions to meet those needs Qualifications: Previous deployment experience with IAM solutions Fluency in German Strong understanding of IAM technologies and principles Excellent communication and project management skills If you are an experienced IAM consultant with a strong track record of delivering successful projects, please apply today.
-
- ForgeRock Consultant
- Spain
- Upto €85000 plus benefits
-
ForgeRock deployment consultant is needed for this expanding IT Services business within Spain, to act as their ForgeRock technical lead, Responsibilities include: High level and low level design, Scoping the techical needs of the project design, configure, develop and test the forgeRock deployment. We are looking for a strong IAM consultant ideally with ForgeRock experience, Must have strong Oauth 2.0, SAML and API experience
-
- IAM Consultant
- France
- Upto €85000 plus benefits
-
An Identity & Access Management Consultant is needed for an expanding IT Security consultancy, based in France. (Remote role with monthly office meet-ups) The Identity & Access Management Consultant will be responsible for the technical design and implementation of Identity & Access Management/IAM products for a wide variety of clients. Deliver bespoke end-to-end consultancy service to our clients, from gathering requirements through to implementation. Work in a close team designing, developing, and implementing first-class IAM solutions. Manage client relationships, working closely with key stakeholders to continually evaluate business requirements and ensure the highest quality solution delivery. If you are interested we are looking for an individual with Previous experience working within the IAM or CIAM field is essential, Strong knowledge with SAML and Oauth and ideally OpenID Previous experience from any of these technologies: One Identity, SailPoint, Saviynt, Ubisecure, Ping Identity, would be advantageous