With the new data breach, Toyota said that hackers accessed servers that stored sales information on up to 3.1 million customers. The car maker said there’s an ongoing investigation to find out if hackers exfiltrated any of the data they had access to.
Toyota said the servers that hackers accessed stored sales information on up to 3.1 million customers. The list of customers https://www.darkreading.com/attacks-breaches/toyota-customer-information-exposed-in-data-breach/d/d-id/1334291 Toyota Tokyo Sales Holdings, Tokyo Tokyo Motor, Tokyo Toyopet, Toyota Tokyo Corolla, Nets Toyota Tokyo, Lexus Koishikawa Sales, Jamil Shoji (Lexus Nerima), and Toyota West Tokyo Corolla.
A Toyota spokesperson said: “”We apologize to everyone who has been using Toyota and Lexus vehicles for the great concern. We take this situation seriously, and will thoroughly implement information security measures at dealers and the entire Toyota Group.”
However, the fact the breach happened showed internal flaws with the company’s IT systems, according to Jonathan Bensen, CISO and senior director of product management, Balbix. Bensen told Digital Journal: “Toyota’s recent data breaches highlight the fact that global enterprises do not have ample visibility into their massive networks and infrastructure, and therefore are not able to take proper actions to avoid data leaks.”
He also casts doubts over Toyota’s reassurances: “The car maker has made statements to try and reassure affected individuals that financial information was not exposed. However, any breach of personal identifiable information is reason enough for customers to be alarmed. Toyota must also understand that sometimes it is not just about the type of data that was breached, it’s also a breach of trust.”
Also weighing in on the incident, Chris DeRamus, CTO, DivvyCloud raises concerns to Digital Journal about Toyota’s security protocols: “Toyota said that they are taking this incident seriously and will thoroughly implement information security measures at dealers and the entire Toyota Group, however there should have been security tools and plans in place already to proactively avoid cyberattacks in the first place. Data is the new oil in our digital era and companies should be doing everything they can to protect it.”
In terms of what could and should be done, DeRamus adds: “Global organizations must balance their use of modern technologies (i.e. public cloud, containers, hybrid infrastructure, etc.) that are essential for maintaining a competitive market stance with the need for proper security controls.”
He also advises: “Leveraging automated security solutions that allow for seamless and continuous policy enforcement provides companies with the framework to successfully reduce risk and maintain compliance across their entire environment.”