Toyota is letting itself be hacked (again).

Toyota announced that it has been the victim of a cyber attack. So the Japanese automaker is still far from finished.

The incident occurred on November 16 at Toyota Kreditbank Gmbh, a German branch of the company that prepares financing plans for the purchase of a new car. Hackers from the Medusa ransomware group claim they were able to seize customers’ personal data, such as invoices, passwords, sales contracts, and ID card scans. The hackers also made this data public because Toyota did not agree to pay the ransom. They demanded $8 million, plus an additional $10,000 for every day unpaid.

In the latest communication Toyota itself also appears to admit to stealing customer data. “The attack on the systems gave unauthorized persons access to personal data,” the message, translated from German to Dutch, said. Affected customers have been notified and the compromised systems have been back online since December 1st.

Bleeding servers

It’s still a matter of conjecture as to how the attackers got into Toyota, but… Security Week He thinks he knows better. The attack is said to be a result of the Citrix Bleed vulnerability. This vulnerability in various types of Citrix NetScaler servers has been known since July and is eagerly used by attackers. The patch has been available since the end of October, but unless you delete active user sessions, the patch will have little impact.

Read also

Patch alone is not enough to stop Citrix Bleed error

Not the first time

Whatever happens, the Japanese car manufacturer is not far behind in this new incident. In March 2022, it was forced to halt production after an attack on a major supplier of auto parts. But sometimes Toyota also makes critical mistakes itself. At the end of last year, the company was forced to apologize for providing public access to customer information for five years.

See also  Astronomers are at a loss: ancient galaxies have discovered that it should not exist

Production had to be halted again in September. This time not after a cyber attack, but because the server’s storage capacity has reached its limit. Overall, you can call Toyota anything but a textbook example of IT best practices.

Winton Frazier

 "Amateur web lover. Incurable travel nerd. Beer evangelist. Thinker. Internet expert. Explorer. Gamer."

Leave a Reply

Your email address will not be published. Required fields are marked *