Yet Again! Cyber Attack on Toyota Car Maker
Once again Toyota Motor Corporation reported its second data breach. The first attack was in February, and it’s not clear whether the two incidents are related.
The latest incident, revealed Friday, that a breach has affected its sales offices in Japan, breaching data of up to 3.1 million customers. In February, Toyota’s Australia branch announced it had been “the victim of an attempted cyber-attack.”
The breach affected Toyota Tokyo Sales Holding Inc, and its and its affiliated enterprises. According to Toyota Motor Corp.’s statement, which described “unauthorized access” to the company’s network. The servers that hackers accessed, stored sales information on up to 3.1 million customers that included names, dates of birth and employment information. The investigation is continuing.”
“The information that may have been leaked, this time does not include details about credit cards. However, we have not confirmed the fact that customer information has been leaked at this time, but we will continue to conduct detailed surveys, placing top priority on customer safety and security,” Toyota said. “We apologize to everyone who has been using Toyota and Lexus vehicles for the great concern. We take this situation seriously, and will thoroughly implement information security measures at the dealers and the entire Toyota Group,” the statement said.
Security experts believe that Toyota has no clue how, and what data has been exposed or accessed. Why this is so because they are not following data classification policy and monitoring. If it was the case, then any detection or a cyber breach would have alerted the admin, and who in exchange would have taken necessary action.
Toyota has not been able to confirm the extent of the damage with the help of pre-even forensic. So, it’s sceptical if there was any continuous monitoring tool on their security environment.
Link to Vietnamese hacking group
Toyota’s woes come just when there are reports that a Vietnamese hacking group, APT32, is targeting multinational car companies. Toyota has not commented if APT32 is behind the breach to its sales office.
Automobile Industry and Cyber Security
It is a general perception that the automotive industry takes it easy when it comes to cybersecurity practices. It may be because they feel it is not so critical to them. Since their focus is purely on improving the cars and its related technology, very little they concentrate on their IT infrastructure security. The automobile R&D consumes most of its time to better their product against its competitors.
In order to mitigate risk, automobile industry or any other industry for that sake should treat, cybersecurity as an important element of their business. What happens to Toyota is that they failed to continuously monitor their IT infrastructure and performed periodical auditing and review process. Using AI or automated security tool will ensure that your network is not breached with, and you are alerted in advance to control the damage.