Toyota Security Breach Exposes Personal Info of 3.1 Million Clients, could be part of Vietnam attack

The personal information of roughly 3.1 million Toyota customers may have been leaked following a security breach of multiple Toyota and Lexus sales subsidiaries, as detailed in a breach notification issued by the car maker today.

As detailed in a press release published on Toyota’a global newsroom, unauthorized access was detected on the computing systems of Tokyo Sales Holdings, Tokyo Tokyo Motor, Tokyo Toyopet, Toyota Tokyo Corolla, Nets Toyota Tokyo, Lexus Koishikawa Sales, Jamil Shoji (Lexus Nerima), and Toyota West Tokyo Corolla.

“It turned out that up to 3.1 million items of customer information may have been leaked outside the company. The information that may have been leaked this time does not include information on credit cards,” says the data breach notification.

[…]

Security experts consider the attacks targeting Toyota’s subsidiaries and dealers to be part of a large scale coordinated operation attributed to the Vietnamese-backed APT32 hacking group, also known as OceanLotus and Cobalt Kitty, says ZDNet.

FireEye says that APT32 is targeting “foreign companies investing in Vietnam’s manufacturing, consumer products, consulting and hospitality sectors.”

APT32 also targeted research institutes from around the world, media organizations, various human rights organizations, and even Chinese maritime construction firms in the past. [1, 2, 3, 4, 5, 6, 7]

Source: Toyota Security Breach Exposes Personal Info of 3.1 Million Clients

No mention of what data exactly was stolen, which is worrying.