Latest Toyota Data Breach: Evidence of an Industry Under Attack

Latest Toyota Data Breach: Evidence of an Industry Under Attack

Hackers have identified the auto industry as ripe for the picking. Attackers often share information regarding potential targets and methods.

Working in cybersecurity and especially in a consulting role certainly has its moments of premonition. We watch breach trends and do our best to prepare those we protect. It never feels good when these “told you so” moments happen, but it does highlight the importance of the work we do.

In October, I gave a presentation at the Massachusetts State Auto Dealers Association’s annual meeting, titled “Dealership Security: State of the Industry from a Cybersecurity Perspective.” In this presentation, I warned auto dealers of the likelihood of increased attacks within the industry, especially after the enhanced FTC Safeguards Rule and fines/penalties they are now subject to. In fact, a Midwest auto dealer was hit with a ransomware attack just days after the final amended FTC Safeguards Rule Deadline.

I had a slide that highlighted two concerning headlines from earlier this year:

“Auto dealers are prime targets for hackers, warn researchers

and

“Toyota supplier portal breached by white hat hacker”

It’s a lethal combination to have a vulnerable industry, which hackers have identified as ripe for the picking. Attackers often share information regarding potential targets and methods. Research shows that they identify the auto industry as an ideal target, citing outdated technology and inadequately trained workforce as the reason. My exact words during my presentation were: “Toyota was lucky it was a good guy that found it this time.”

OCD Tech's Robbie Harriman sheds light on cybersecurity threats in auto dealerships.

Don’t miss our Executive Spotlight interview with Robbie Harriman.

Tune in to the video to learn about the prevailing cyber threats facing dealerships today. Click HERE.

And then recently, this headline hit the news: “Toyota confirms breach after Medusa ransomware threatens to leak data.” Toyota was not so lucky this time.

Toyota Financial Services Europe & Africa was the victim of a ransomware attack to the tune of $8 million, at the threat of releasing a large amount of sensitive consumer and internal data. But, at least the attack group was “nice” enough to include an option to extend the deadline… At “only” $10,000 a day…

Medusa has since made the stolen data available for purchase on their dark web site, indicating that the ransom was not paid. Toyota then started notifying some German customers that their financial information was compromised as a result of the breach. While Toyota has not confirmed the cause of the breach, it has been speculated that stolen credentials or phishing could have been the cause. A security researcher also posted publicly prior to the incident that Toyota Financial Services had an exposed system in Germany with a known vulnerability called “CitrixBleed,” which ransomware groups have been targeting. All these speculated attack vectors point back to the same weaknesses attackers highlighted as a reason to prey on the industry earlier this year.

A new trend we see with these attacks, is attackers leveraging regulatory compliance as a motivating factor for their victims to pay a ransom, as they know data breaches may result in fines/penalties. This effect is insult on top of the injury of downtime, resulting loss of revenue, damage to reputation, cost of credit monitoring services for victims of a breach and countless other impacts — some directly financial and others intangible.

These attackers know the stakes are higher now for the auto industry, especially with the latest amendment to the FTC Safeguards last month to include reporting requirements. In other regulated industries, we’ve started to see attackers employ a new tactic — threatening not only to release compromised data, but also to report their victims to a regulatory authority. Just last month a ransomware group filed a complaint with the U.S. Securities & Exchange Commission when one of its victims, a software company, failed to meet the reporting threshold under a new rule, similar to the requirements the FTC has adopted (albeit with a much shorter window for reporting).

The amounts the attackers chose for the Toyota ransom, expiration date and extension option are not arbitrary, but carefully calculated to maximize inflicted damage and increase likelihood of payout. They do their research, know their targets and are prepared.

We must be more prepared.

Some hard-hitting industry-specific statistics here:

  • Only 53% of polled auto dealers are confident in their security (actually up 16% from last year. More on that below.*)
  • 17% of dealers experienced a cyberattack or incident in the past year.
  • The average ransom amount is $740,144.
  • 84% of consumers polled would not purchase another vehicle from a dealership if their data was breached.

and of those dealerships that experienced a cyberattack:

  • 85% reported that incidents occurred as a result of phishing
  • 46% resulted in negative financial/operational impact
  • 69% reported employee downtime
  • 31% reported damage to reputation

*But — there is hope! Let’s move into the solution here:

  • 75% of dealers that chose to become compliant with the FTC Safeguards saw significant improvement of their security after those efforts.
  • The key actions identified above included:
    • Identifying a qualified individual to oversee their cybersecurity
    • Implementing cybersecurity training for all employees
    • Implementing multi-factor authentication throughout the network
    • Performing a risk assessment, conducted by a reputable source
    • Basing their information security program on aforementioned risk assessment
    • Developing an Incident Response Plan

If you haven’t taken these steps toward compliance and improving overall security, now is the time to start.

These attacks are not likely to decrease until we change attackers’ opinion of the industry. It’s imperative that dealers work with a partner to implement these security best practices above, to best protect themselves against these ever-increasing, ever-evolving threats.


Sources:

https://www.scmagazine.com/news/auto-dealers-are-prime-targets-for-hackers-warn-researchers

https://cybersecurity.att.com/blogs/security-essentials/how-to-protect-your-car-dealership-from-cyber-attacks

https://www.cdkglobal.com/media-center/driving-danger-cdk-global-2023-cybersecurity-report-reveals-rise-auto-dealership

https://www.bleepingcomputer.com/news/security/toyota-confirms-breach-after-medusa-ransomware-threatens-to-leak-data/#google_vignette

https://www.ftc.gov/news-events/news/press-releases/2023/10/ftc-amends-safeguards-rule-require-non-banking-financial-institutions-report-data-security-breaches

https://www.autonews.com/mobility-report/how-toyotas-supplier-portal-got-hacked


You May Also Like

Our One and Only

Taking care of physical and mental health is crucial in the dealership business, yet often overlooked in the daily hustle.

human body images

Is Your Body's "Check Engine" Light On?

There’s a topic that isn’t usually covered in business school or in sales training, but this factor can impact every step we take in our career at our dealerships: our physical and mental health.

In the day-to-day operations of leading our teams, serving our customers and building our dealerships, taking care of our health can often come in second place, or ignored completely. If we want to be effective in our efforts, however, dealing with health challenges will sap our energy and leave us with less to work with.

WIA Conference 2024: A Transformative Experience

The event was truly empowering, leaving us with numerous new connections and plans for future collaborations.

woman speaking in front of audience, crowd-stock
Women In Automotive, My First Time

The women power players in the auto industry were here and they were about to show me how a conference can be different.

Subi Ghosh at WIA conference- Women In Automotive, Colorado Springs
Change My Mind

A centralized vendor relationship manager emerges as the linchpin in achieving this alignment, ensuring that the vendor portfolio is strategically tailored to enhance the overall efficiency and profitability of each store.

A centralized vendor relationship manager emerges as the linchpin in achieving this alignment, ensuring that the vendor portfolio is strategically tailored to enhance the overall efficiency and profitability of each store.
Too Many Dealers Are Stuck in the Pandemic When It Comes to Inventory Management

Dealers who prioritize proactive inventory management and pricing strategies are seizing a competitive edge. Those tethered to outdated methodologies risk being left behind as the market continues its rapid evolution.

Too Many Dealers Are Stuck in the Pandemic When It Comes to Inventory Management
Other Posts
Aura, Mosaic Launch Program to Protect Dealers, Buyers from Cybercrime

The partnership will provide identity protection to anyone who gives dealers personally identifiable information (PII) during the car-buying process.

Lax Hygiene Greatest Risk of Dealership Data Breach, Expert Says

Learn strategies combining human oversight and digital security measures from Terry Dortch to maintain compliance.

ABCoA Offers DST Dealership Sales Tools Amid Software Hack

Featuring quick implementation and affordable pricing, ABCoA offers the software to support dealerships affected by the security breach.

DAS Helping Dealerships Experiencing CRM or DMS Disruptions

DAS Technology is waiving subscription fees and offering CX technology to dealerships experiencing disruptions with other vendors.