Toyota Financial Services (TFS), a subsidiary of Toyota Motor Corporation, a global entity with a presence in 90% of the markets where Toyota sells its cars.
TFS is warning customers of a data breach that exposed sensitive personal and financial information. Unauthorized access was detected on some of its systems in Europe and Africa, with threat actors, identified as Medusa ransomware, demanding a payment of $8,000,000 to delete the stolen data. Toyota has not negotiated a ransom payment, and the stolen data is now available on Medusa's extortion portal on the dark web.
The compromised data includes:
IBAN (International Bank Account Number)
This type of data can be exploited for phishing, social engineering, scams, financial fraud, and identity theft attempts.
The breach was detected when Medusa ransomware claimed successful compromise, leading to unauthorized access on TFS systems in Europe and Africa. In response, Toyota took certain systems offline to contain the breach, impacting customer services. The company has not negotiated a ransom payment, and currently, all data has been leaked on Medusa's extortion portal on the dark web.
Toyota Kreditbank GmbH in Germany was identified as one of the impacted divisions, with hackers gaining access to customers' personal data. The compromised data has been verified based on an ongoing investigation, and while the internal investigation is not complete, there is a possibility that attackers accessed additional information.
Toyota promises to promptly update affected customers as the internal investigation progresses and reveals further data exposure. BleepingComputer has sought additional information from Toyota, including the exact number of exposed customers, but as of the publication time, no response has been received.