Latest Toyota Data Breach: Evidence of an Industry Under Attack

Latest Toyota Data Breach: Evidence of an Industry Under Attack

Hackers have identified the auto industry as ripe for the picking. Attackers often share information regarding potential targets and methods.

Working in cybersecurity and especially in a consulting role certainly has its moments of premonition. We watch breach trends and do our best to prepare those we protect. It never feels good when these “told you so” moments happen, but it does highlight the importance of the work we do.

In October, I gave a presentation at the Massachusetts State Auto Dealers Association’s annual meeting, titled “Dealership Security: State of the Industry from a Cybersecurity Perspective.” In this presentation, I warned auto dealers of the likelihood of increased attacks within the industry, especially after the enhanced FTC Safeguards Rule and fines/penalties they are now subject to. In fact, a Midwest auto dealer was hit with a ransomware attack just days after the final amended FTC Safeguards Rule Deadline.

I had a slide that highlighted two concerning headlines from earlier this year:

“Auto dealers are prime targets for hackers, warn researchers


“Toyota supplier portal breached by white hat hacker”

It’s a lethal combination to have a vulnerable industry, which hackers have identified as ripe for the picking. Attackers often share information regarding potential targets and methods. Research shows that they identify the auto industry as an ideal target, citing outdated technology and inadequately trained workforce as the reason. My exact words during my presentation were: “Toyota was lucky it was a good guy that found it this time.”

OCD Tech's Robbie Harriman sheds light on cybersecurity threats in auto dealerships.

Don’t miss our Executive Spotlight interview with Robbie Harriman.

Tune in to the video to learn about the prevailing cyber threats facing dealerships today. Click HERE.

And then recently, this headline hit the news: “Toyota confirms breach after Medusa ransomware threatens to leak data.” Toyota was not so lucky this time.

Toyota Financial Services Europe & Africa was the victim of a ransomware attack to the tune of $8 million, at the threat of releasing a large amount of sensitive consumer and internal data. But, at least the attack group was “nice” enough to include an option to extend the deadline… At “only” $10,000 a day…

Medusa has since made the stolen data available for purchase on their dark web site, indicating that the ransom was not paid. Toyota then started notifying some German customers that their financial information was compromised as a result of the breach. While Toyota has not confirmed the cause of the breach, it has been speculated that stolen credentials or phishing could have been the cause. A security researcher also posted publicly prior to the incident that Toyota Financial Services had an exposed system in Germany with a known vulnerability called “CitrixBleed,” which ransomware groups have been targeting. All these speculated attack vectors point back to the same weaknesses attackers highlighted as a reason to prey on the industry earlier this year.

A new trend we see with these attacks, is attackers leveraging regulatory compliance as a motivating factor for their victims to pay a ransom, as they know data breaches may result in fines/penalties. This effect is insult on top of the injury of downtime, resulting loss of revenue, damage to reputation, cost of credit monitoring services for victims of a breach and countless other impacts — some directly financial and others intangible.

These attackers know the stakes are higher now for the auto industry, especially with the latest amendment to the FTC Safeguards last month to include reporting requirements. In other regulated industries, we’ve started to see attackers employ a new tactic — threatening not only to release compromised data, but also to report their victims to a regulatory authority. Just last month a ransomware group filed a complaint with the U.S. Securities & Exchange Commission when one of its victims, a software company, failed to meet the reporting threshold under a new rule, similar to the requirements the FTC has adopted (albeit with a much shorter window for reporting).

The amounts the attackers chose for the Toyota ransom, expiration date and extension option are not arbitrary, but carefully calculated to maximize inflicted damage and increase likelihood of payout. They do their research, know their targets and are prepared.

We must be more prepared.

Some hard-hitting industry-specific statistics here:

  • Only 53% of polled auto dealers are confident in their security (actually up 16% from last year. More on that below.*)
  • 17% of dealers experienced a cyberattack or incident in the past year.
  • The average ransom amount is $740,144.
  • 84% of consumers polled would not purchase another vehicle from a dealership if their data was breached.

and of those dealerships that experienced a cyberattack:

  • 85% reported that incidents occurred as a result of phishing
  • 46% resulted in negative financial/operational impact
  • 69% reported employee downtime
  • 31% reported damage to reputation

*But — there is hope! Let’s move into the solution here:

  • 75% of dealers that chose to become compliant with the FTC Safeguards saw significant improvement of their security after those efforts.
  • The key actions identified above included:
    • Identifying a qualified individual to oversee their cybersecurity
    • Implementing cybersecurity training for all employees
    • Implementing multi-factor authentication throughout the network
    • Performing a risk assessment, conducted by a reputable source
    • Basing their information security program on aforementioned risk assessment
    • Developing an Incident Response Plan

If you haven’t taken these steps toward compliance and improving overall security, now is the time to start.

These attacks are not likely to decrease until we change attackers’ opinion of the industry. It’s imperative that dealers work with a partner to implement these security best practices above, to best protect themselves against these ever-increasing, ever-evolving threats.


You May Also Like

The SMS Paradigm: Reshaping Customer Engagement in the Automotive Industry

By reaching out through SMS, we have tapped into the potential of a less invasive, yet highly effective, method of communication.

The SMS Paradigm: Reshaping Customer Engagement in the Automotive Industry

In an industry that thrives on connection and communication, auto dealerships are turning toward a more nuanced and contemporary approach to engage with potential buyers. The shift from voice calls to SMS as the primary form of initial customer contact has not only been a response to the changing landscape of communication but also a strategic move to dramatically increase engagement rates and efficiency.

Don’t Be ‘Nice’ to Your Team — Be Caring

Here are four steps to take to lead a team that minimizes critical actions and will put our team members on the path to success.

team leadership
The Top 3 Reasons You’re Missing on Used Vehicles

As front-end profits tighten, misses on used vehicles hurt more. To tighten up acquisition and pricing, you need a different way of operating.

The Top 3 Reasons You’re Missing on Used Vehicles - AutoVision
Everyday Actions, Monumental Outcomes

It is in the quiet moments of consistent work that our skills are sharpened and our goals are realized.

True success is the product of a daily grind, forged from focus, dedication and perseverance.
Celebrating a Year’s Worth of Automotive Industry Standouts

As we bid farewell to this year, let’s extend another heartfelt shout-out to each of our remarkable 2023 honorees.

Celebrating a Year’s Worth of Automotive Industry Standouts

Other Posts

Is a Vehicle Test Drive Still Relevant Today?

An important part of the process, the test drive is the strongest opportunity to build the customer’s positive emotions around the vehicle.

Is a Vehicle Test Drive Still Relevant Today?
Is Marketing Both the Problem and Solution for the EV Market?

Marketing can answer consumers’ questions and demystify the EV buying journey.

Is Marketing Both the Problem and Solution for the EV Market? myAutoIQ article
Closing the Appraisal Gap

A new OBD II enriched with VIN-centric reconditioning cost data, not estimates, is now integrated into workflow software to eliminate intentionally overlooked or ignored yet authentic reconditioning exposure at appraisal.

Closing the Appraisal Gap - Rapid Recon
Bridging the Communication Gap: Dispelling the Opt-in Text Myth in Dealership CRMs

There are common misconceptions harbored by some CRM providers in the automotive industry that are hindering dealers’ communications with their customers.