Toyota Financial Services confirms Medusa ransomware attack

November 21, 2023

Toyota Financial Services (TFS), a subsidiary of the renowned Toyota Motor Corporation, announced that it had fallen victim to a cyberattack executed by the Medusa ransomware group. The breach has raised concerns about the safety of sensitive data, with the hackers threatening to expose the stolen information unless the company complied with their demands.

The breach came to light when Medusa ransomware claimed responsibility for the attack and listed TFS on its dark web data leak site. The ransom demand reached about $8,000,000, with a 10-day deadline for Toyota to comply. Moreover, the attackers offered the company an extension that cost $10,000 per day.

Toyota Financial Services confirmed the cyberattack but did not disclose its overall impact.

Representatives from Toyota Financial Services refrained from confirming whether the attackers stole information from their database. However, the threat actors behind Medusa claimed they had successfully exfiltrated a trove of sensitive files.

To underscore the legitimacy of their claims, the hackers published sample data on the dark web to prove that they obtained information from TFS. The sample includes financial documents, spreadsheets, purchase invoices, hashed account passwords, cleartext user IDs and passwords, agreements, passport scans, internal organisation charts, financial performance reports, staff email addresses, and more.

Most of the leaked documents were in German, indicating that the breach may have compromised systems serving Toyota’s operations in Central Europe. The severity of the situation has prompted TFS to act swiftly to contain the attack.

The company has isolated some systems for investigation and risk reduction, and has also reported the incident to law enforcement agencies.

This incident has sparked concerns about a possible Citrix Bleed breach: a security analyst pointed out that TFS’s German office had operated an internet-exposed, outdated Citrix Gateway endpoint since August 2023. The vulnerability in question, CVE-2023-4966, could expose the company to further compromise if the flaw remained unpatched.

This incident is another example of the growing sophistication of ransomware operations. Its outcome should prompt organisations worldwide to reassess their cybersecurity controls, in particular patching and inventory of internet-exposed services, to keep pace with increasingly dangerous malicious campaigns.