Gain insights into Toyota Financial Services’ response, expressing regret for inconvenience and committing to informing affected parties about risks.
The European arm of Toyota’s financing and leasing subsidiary notifies individuals affected by a security breach. On December 5th, Toyota Financial Services (TFS) publicly disclosed the breach, revealing unauthorized access to personal data. Initially identified on November 16th, the breach impacted specific locations, including Toyota Kreditbank GmbH in Germany.
TFS, handling global auto loans, leases, and financial services for Toyota customers, confirmed compromised information, including names and residential postal codes. The breach may have exposed other contract details like amounts, dunning status, and IBANs.
Toyota Deutschland GmbH, affiliated with Toyota Motor Europe, was affected. The breach notification letter in German specified files from Toyota Kreditbank GmbH accessed during the attack.
Expressing regret for inconvenience, TFS acknowledged Medusa’s claim of responsibility. Medusa demanded $8 million, published stolen data, and affected Toyota Kreditbank’s systems temporarily, restarting gradually since December 1st. Initially believed to take usernames, passwords, and passport details, Medusa’s impact extends to three school districts.
First identified in 2022, Medusa targeted 119 organizations in the past year, ranking among the top five ransomware gangs, according to Ransomlooker. Toyota commits to informing parties if further high-risk personal data is discovered.
Story credit
Related stories:
