Toyota Reveals a Second Major Data Breach Within Two Months
As you probably know, when a company with millions of customers issues an official announcement that contains the statement 'we take security very seriously', the said company has most likely been a victim of a cyberattack. Toyota drivers were reminded of this fact not once, but twice in the span of no more than a few weeks.
Attack #1: Few details and lots of speculation
It all started in February when hackers attacked Toyota's Australian arm. Unfortunately, the carmaker's reaction was not exactly exemplary. The two statements issued in the wake of the incident were way too short and uninformative. What we did manage to learn for sure was that the attack was first detected on February 19, that Toyota believed no customer or employee data had been stolen, and that as a result of the hack, there were delays in parts supplies and servicing operations.
The official information was scarce, but given that we're talking about one of the world's biggest automotive brands, it was not surprising to see cybersecurity experts trying to figure out exactly what had happened. After examining all the information, researchers from FireEye concluded that the attack wasn't the deed of a bunch of hooded teenagers who happen to be fans of other car manufacturers. The experts said that there was a good chance the automotive giant had fallen victim to APT32 (a.k.a. OceanLotus) – a highly sophisticated hacking group that is thought to be linked to the Vietnamese government.
Analyzing a cyberattack is a complex process, and figuring out who has done it is arguably the most difficult bit. Attribution is often surrounded by controversy and allegations that cybersecurity firms are just pointing fingers at hacking crews in order to get some exposure. In this particular case, however, FireEye's experts might just be onto something.
Attack #2: Customer data exposed as hackers get closer to Toyota's HQ
On March 29, Toyota announced the second attack it had suffered in less than a month and a half. This time, the hackers struck closer to the corporation's heart – Japan. They managed to infiltrate the IT infrastructure of several of Toyota's Japanese subsidiaries, and they made off with sales information that belongs to 3.1 million customers. The carmaker didn't say what sort of details were exposed, but it did point out that customers' financial information remained safe.
On the same exact day, Toyota's subsidiaries in Vietnam and Thailand announced that they too had been attacked. Once again, the official announcement is very light on details, which, naturally enough, means that a lot of questions are being asked. Here's one of them.
How does APT32 fit into all this?
In the aftermath of the attack on Toyota Australia, FireEye's researchers predicted that APT32 would use the carmaker's Down Under subsidiary to try and break into its core operations in Japan. Obviously, nobody can say with absolute certainty whether the APT32 hackers really are behind all this, but at the same time, nobody can deny that the two attacks have taken place and that FireEye's forecast seems to be pretty accurate so far. Couple this with the fact that Toyota's Vietnamese branch was also affected, and you'll end up with more reasons to believe that APT32 might be responsible.
FireEye has been following APT32 closely for years, and its research shows that the group has an arsenal of sophisticated weapons that can be used for elaborate cyber espionage campaigns. In a Bloomberg interview published on March 20, just days before the second attack on Toyota, Nick Carr, a senior manager at the cybersecurity company, said that for the last few months, the Vietnamese hackers have been focusing on the automotive industry.
It's no secret that the government of the Southeast Asian country likes the idea of Vietnamese people buying cars that were designed and built by a domestic corporation rather than a foreign one. And if FireEye's research is to be believed, the said government has never been one to shy away from a spot of industrial cyber espionage. Obviously, the evidence (at least the publicly available research) is circumstantial, but at the moment, Toyota has the largest share of Vietnam's car market, so if you're trying to steal secrets or disrupt the operation of a competitor, the Japanese giant will probably be one of your first choices.