A ransomware group by the name of Medusa has posted screenshots of multiple documents and a data file tree on its website, claiming to have taken confidential information from Toyota Kreditbank GmbH. Should the corporation not pay the $8 million ransom demand by November 26th, the data leakers have threatened to publish the information. An inquiry into the incident is underway, a Toyota representative has confirmed.
Sensitive customer data belonging to over two million individuals may have been compromised by a cloud misconfiguration on the servers of the automaker Toyota. Due to a misconfiguration in the cloud, from November 6 2013 to April 17, 2023, unauthorized parties could access sensitive data belonging to people who subscribed to Toyota services T-Connect, G-Link, G-Link Lite, and/or G-BOOK between January 2, 2012, and April 17, 2023.
Toyota explained the misconfiguration of the cloud as the result of “insufficient explanation and thoroughness of data handling rules.” The company announced that it will be “thoroughly educating employees and working to prevent recurrence” in addition to implementing “a system to audit cloud settings, conduct a setting survey of the cloud environment, and build a system to monitor the setting status on an ongoing basis” in an effort to stop additional leaks.
Automaker Toyota is getting back up and running in Europe and Africa, due to a cyberattack that takes its system offline. Toyota Financial Services Europe and Africa released a statement stating that it had detected inappropriate behavior on some of its sites’ systems and had taken some of them offline for further examination.
The automaker has not acknowledged the problem’s origin, scope, or nature; instead, the Medusa ransomware group has taken credit for the incident. Cybercriminals have targeted Toyota Financial Services and demanded a ransom of US $8 million, with 10 days to respond.
Toyota’s internet-accessible systems are susceptible to the “Citrix Bleed” vulnerability, which has impacted numerous organizations and governments in the past month, according to cybersecurity expert Kevin Beaumont, who made this observation on X. Citrix Bleed is a serious vulnerability that affects several Citrix Netscaler Gateway and ADC product versions.
A ransomware-as-a-service (RaaS) gang that has been active since 2021 is called the Medusa group. Before using PowerShell to execute commands and erase shadow copy backups to stop data restoration, the actors typically obtain access to systems through weak remote desktop protocols (RDP) and phishing campaigns. It is also capable of propagating throughout networks, deactivating defense mechanisms, and increasing system privileges.
A technology company founded by two of Canada’s biggest banks was recently targeted by the Medusa group. The group was responsible for earlier this year’s attacks on a Minnesota school district, an Italian water company, and the Philippine government agency in charge of the country’s healthcare system.
Financial services in Europe and Africa were affected by the Toyota hack
Toyota said that in addition to conducting its own investigation into the incident, it is collaborating with law enforcement. We have begun reactivating our systems online in the majority of nations. We are sorry for any inconvenience we may have caused to our clients and business associates, and we are working hard to get the systems back online as soon as possible. It further stated that this incident is currently exclusive to Toyota Financial Services Europe and Africa.
Toyota was compelled to issue an apology earlier this year after a cloud configuration error revealed personal data on over two million customers. “We think that the primary reason for this event was that the guidelines for managing data weren’t sufficiently detailed and clarified,” the company stated.
After conducting a security investigation, Toyota stated that although it “cannot completely deny it, it cannot confirm access by a third party based on the access history of the data server where the customer’s email address and customer management number are stored.”
Additionally, Toyota promised to personally inform each person impacted by the security breach.